U.S. retail giant Target Corporation has confirmed reports that it is investigating a security breach on credit and debit card information of its customers. Around 40 million shoppers who purchased from the company’s stores across the country from November 27 and December 15 are feared to be affected by the theft.

Security blogger Brian Krebs first reported the breach on Wednesday, quoting anonymous sources who claimed that Target working with credit card companies and the Secret Service in investigating the breach.

Cybercriminals have apparently stole data based on the magnetic stripe of cards that were used at the stores. The type of data stolen, called “track data,” allow thieves to create counterfeit cards by encoding the information onto any card with a magnetic stripe, according to the blog. If the thieves were also able to capture the PIN data for debit transactions, they could also withdraw cash from ATMs.

On Thursday, Target has confirmed the report, saying that it is aware of unauthorised access to payment card data of its customers. It is working closely with law enforcement and financial institutions, assuring the public that it has already identified and resolved the issue.

“Target’s first priority is preserving the trust of our guests and we have moved swiftly to address this issue, so guests can shop with confidence. We regret any inconvenience this may cause,” chairman, president and chief executive officer, Gregg Steinhafel, said in a statement.

“We take this matter very seriously and are working with law enforcement to bring those responsible to justice.”

The breach is estimated to have started just before Black Friday in the U.S., and has continued until December 15. Upon learning of the security violation, the company has alerted authorities and financial institutions immediately.

Target is also partnering with a leading third-party forensics firm for a more thorough investigation.

The press release did not indicate if online shoppers were also affected.

Target is encouraging guests who suspect unauthorised activity on their debit and credit cards to contact the company.