Anyone who made purchases by swiping cards at Target stores between November 27th and December 15th might be affected.
If you shopped at Target during that three-week period, it's a good idea to check your accounts immediately.
It is not clear how the system was hacked, but security experts say that Target has one of the best internal security systems of any retailer, so if it can happen to Target, it can happen to any big box retailer.
Tom Tran was alerted on December 6 that more than $300 had been charged to his Discover card. His account is setup to notify him when it exceeds that amount. By email the Elmhurst resident was informed that $1,000 was charged to his card at a Target store.
With customers rushing in for deals, the Target holiday season kicked off on Thanksgiving Day, with millions using their credit or debit cards from November 27 through December 15.
Thieves managed to hack into the system stealing customer names, account numbers, expiration dates and CVV security codes..
"It's sad because a lot of people trust the brand," said customer Andre Williams.
"I think it is the sign of the times," said customer Susan Moody. "It's not the first time, unfortunately. It's a place I shop all the time."
Target says 40 million credit and debit cards were compromised. While it's believed the data was taken from the terminals where customers swipe their cards, security experts say that with so many cards affected, it's unlikely individual machines were hacked.
"The info we have so far, it appears as though the fraudsters were able to get into Target servers," said Professor Bill Kresse, Saint Xavier University.
Because the hackers don't have access to addresses and social security numbers, Kreese, a fraud expert, says the breach is not considered identity theft, it is credit card theft.
Experts say the only way to know if you are a victim is to check your bank and credit card accounts daily.
"I make sure I check it at least 2-3 times a day, make sure what is on there is what I spent," said customer Danielle Gant.
If you are a victim, contact your bank or credit card company directly, the Better Business Bureau warns consumers if someone tries to contact you, you may become a victim again.
"Never, never give your info to anybody on the internet unless you make the call or went that website," said Steve Bernas, Better Business Bureau.
At Targets Thursday, many people were paying cash, too afraid to use their debit or credit cards.
Target released a statement, reading in part: "Target's first priority is preserving the trust of our guests and we have moved swiftly to address the issue."
Security experts say that now Target is probably the safest retailer to shop at.