SHERMAN, TX -- Between November 27 and December 15 anyone who swiped a credit or debit card inside any of Target's 1,800 stores nationwide may now be at risk.
Target is not saying how the breach happened, but admits that the personal information of millions of people has been compromised, and right in the middle of the holiday shopping season.
"I actually saw it on Facebook and I was racking my brain thinking 'hey, did I shop at Target?'" Target shopper Tara Carruth said.
"How in the world could that even start to happen?" shopper Kerry Jones said.
The stolen data includes customer names, credit and debit card numbers, card expiration dates and the three-digit security codes located on the backs of cards.
"I'd want my money back right away. I mean, it can put people in a bind. It's Christmas and New Years. People spend a lot of money around this time," Carruth said.
If you shopped at Target between November 27 and December 15 security experts say check your bank statements often and carefully.
"If 40 million cards were actually compromised it's going to take bad guys to get through so the chances of everybody being breached is small -- still need to pay very close attention to your statements daily at this point," McAfee Online security expert, Robert Siciliano said.
Experts say if you discover you're a victim:
First, report the activity to your credit card company or bank. Next, Target wants you to call them.
You can also report a case of identity theft to the Federal Trade Commission.
The good news, if there are fraudulent charges on your account, you will likely not be out the money. Credit card companies and banks will most often refund you, and since this breach is tied to the retail store, Target will ultimately be the one who compensates the banks and credit card companies.
For shopper Kerry Jones, he says this is exactly why he sticks to cash.
"Well, it's just a lot more convenient for me. I know exactly where I am, what I'm doing, how much money I got on me. And I don't really spend as much either," Jones said.
Target says the data breach did not affect online purchases.
Target's contact number is 866-852-8680 and for more information about identity theft, you can visit the Federal Trade Commission's website, www.consumer.gov/idtheft, or call the FTC at (877) IDTHEFT (438-4338).