Target said the personal data stolen could affect its past shoppers - not just those who have visited the store recently. Customers who shopped in the weeks following Thanksgiving may have had credit or debit card information stolen, with as many as 40 million people affected.
Target said it would try to reach customers for whom it has e-mail addresses to inform them of the breach. It cautioned that it would not ask customers to provide any personal information and warned customers not to respond to any e-mail claiming to be from Target.
"I know that it is frustrating for our guests to learn that this information was taken and we are truly sorry they are having to endure this," said Target CEO Gregg Steinhafel.
Customers will not be liable for the cost of any fraudulent charges. Target is also offering one year of free credit monitoring and identity theft protection to all customers who shopped in U.S. stores. Customers will have three months to enroll in the program.
Experts suggest that customers who used debit or credit cards at Target between Nov. 27 and Dec. 15 should contact their card issuer and get a new card with a new account number. They should also change their PIN and monitor their account carefully for any questionable purchases.
CLICK HERE for more information from CNNMoney.