DHAKA: Payment details from up to 40 million credit cards could have been stolen after they were used in the stores of US retail giant Target.

The retailer said it was investigating after discovering that thieves had gained access to its payment systems.

The data breach began around 29 November, known as Black Friday, one of the busiest shopping days of the year, reports BBC.

The attackers are believed to have been scooping up credit card details for almost three weeks.

"We take this matter very seriously and are working with law enforcement to bring those responsible to justice," said Target boss Gregg Steinhafel in a statement.

In addition, he said, the company was working with a data forensics firm to work out how the theft occurred.
Data-stealing code

Target said the thieves had taken credit card numbers, names, expiration dates and security codes for the cards.

It urged people who shopped at its stores in the vulnerable period to check credit card records and query unusual activity.

"We regret any inconvenience this may cause," said Mr Steinhafel.

Security researcher Brian Krebs, writing about the breach, said sources at credit card payment processing firms had told him the thieves had installed data-stealing code on to card-swipe machines at tills in all 1,797 Target stores.

It is not yet clear how the attackers managed to get their malicious program on to point-of-sale equipment in the stores.

The thieves stole data between Thanksgiving and 15 December, said Target.

The US Secret Service, which has official responsibility for investigating financial fraud, told Reuters it was looking into the breach.

The largest ever credit card breach at a US retailer took place in 2007 when cyber-thieves managed to steal information related to almost 46 million credit and debit cards from TJ Maxx and Marshalls.

The thieves amassed the huge cache of data over an 18 month period after penetrating the retailers` computer network.

BDST: 1052 HRS, DEC  20, 2013
RS