Monday morning, Target confirmed reports that criminals attacked its customer information system earlier this year, stealing credit card and personal data from about 40 million customers. The theft began Thanksgiving week, just before Black Friday, and continued until December 15.

Nearly every domestic Target store was, uh, targeted in the attack, but online shoppers were not affected. The information stolen included customer names, credit and debit card numbers, expiration dates, and three-digit security codes. Target is advising potentially-affected customers to "remain vigilant for incidents of fraud and identity theft by regularly reviewing [their] account statements and monitoring free credit reports."

"Target's first priority is preserving the trust of our guests and we have moved swiftly to address this issue, so guests can shop with confidence. We regret any inconvenience this may cause," Target CEO Gregg Steinhafel said in a statement. "We take this matter very seriously and are working with law enforcement to bring those responsible to justice."

The Secret Service confirmed Wednesday night that it was investigating the incident, but declined to comment. According to a source who spoke with Krebs on Security, who first broke the news, the hack "will put its mark up there with some of the largest retail breaches to date."

[Image via AP]