Payment card data was stolen from an unknown number of Target customers starting on the busy Black Friday weekend in a major breach at the retailer, according to a person familiar with the matter.
Investigators believe the data was obtained via software installed on machines that customers use to swipe magnetic strips on their cards when paying for merchandise at Target stores, according to the person who was not authorized to discuss the matter.
Krebs on Security, a blog that first reported the news, said that breach involved nearly all Target outlets in the United States, citing sources at two credit card issuers.
The breach could have extended from just after Thanksgiving to Dec. 15, Krebs said, citing evidence from investigators.
Target representatives did not respond to requests for comment.