On Thursday, Target confirmed that it was hacked in a breach that could affect approximately 40 million credit and debit card customers. The store said the breach was first reported by Brian Krebs, and affects those who used their cards in U.S. stores at the height of the holiday shopping season, between Nov. 27 to Dec. 15. The holidays is usually a period when consumers and companies could be at high-risk for data breaches, since there's an increased volume of transactions that can mask other irregularities that would tip companies off to a problem.

The retail store acknowledged that cyber-criminals obtained the names, credit or debit card numbers, expiration dates, and three-digit security codes of store customers who purchased items over the past few weeks. They added that the issue that let the hacker gain access to customer data has been identified and resolved. The company said that it's working with law enforcement officials to track down those responsible for the attack and has hired a third-party forensic team to investigate the incident.

"Target's first priority is preserving the trust of our guests and we have moved swiftly to address this issue, so guests can shop with confidence. We regret any inconvenience this may cause," said Gregg Steinhafel, Target's chairman, president and chief executive officer in a statement. "We take this matter very seriously and are working with law enforcement to bring those responsible to justice." The Secret Service is also investigating the issue, according to a spokesman, since they often investigate major hacks of credit card data as part of their mission to safeguard the country's financial infrastructure.

Target has set up a hotline for those who believe they may have been affected by the breach. Customers who have noticed irregular activity on their accounts should call the firm at 866-852-8680. They also recommend that those affected contact law enforcement and the Federal Trade Commission to report any incidents of identity theft, and check their credit reports for any indication of fraudulent activity.