In the second largest breach of security at a US retailer, Target has announced that up to 40 million customer cards along with personal information was compromised by hackers over a three week period in November-December of this year.

Just as an aside: The Obamacare websites don't have near the security of the Target database and no one in the administration seems overly concerned about that.

Reuters:

Target Corp said data from about 40 million credit and debit cards might have been stolen from shoppers at its stores during the first three weeks of the holiday season, in the second-largest card breach at a U.S. retailer.

The data theft, unprecedented in its ferocity, took place over a 19-day period that began the day before Thanksgiving. Target said on Thursday that it identified and resolved the issue on December 15.

The company's shares fell as much as 3.2 percent before the bell.

Though smaller than the breach disclosed in March 2007 by TJX Companies Inc, parent of apparel chains TJ Maxx and Marshalls, the data theft took place over a much shorter period and hit shoppers at the beginning of the U.S. holiday season.

Target said the breach might have compromised accounts between November 27 and December 15, a period of nearly three weeks.

The data theft revealed by TJX took place over 18 months, affecting 45.7 million payment cards, according to the company. Banks later said in court documents that the hackers could have obtained more than 94 million account numbers in the TJX case.

On Thursday, Target told customers in an alert on its website that the criminals had stolen customer names, payment card numbers, expiration dates and their CVV security codes.

"On December 15, we were able to identify an unauthorized access and we were able at that time to resolve the issue," Target spokeswoman Molly Snyder said by telephone.

Krebs on Security, a closely watched security industry blog that broke the news on Wednesday, said the breach involved nearly all of Target's 1,797 stores in the United States and investigators believed the data was obtained via software installed on point-of-sales terminals used to swipe magnetic strips on payment cards.

It is not yet clear how the attackers were able to compromise point-of-sales terminals at so many Target stores. "It is very clear it is a sophisticated crime," Snyder said.

The U.S. Secret Service is working on the investigation, according to an agency spokeswoman. A Federal Bureau of Investigation spokeswoman declined to comment.

Almost 1800 cash registers were installed with hacker software? Obviously the crooks found a weakness and exploited it. These were not a bunch of teenage geeks seeing what they could get away with. To infect that many registers would require an army of sophisticated hackers.

Who did it? Take your pick; Russian mob, Chinese, even the mafia has apparently bought in to this kind of crime. The bottom line is that the hackers are able to stay one step ahead of the security companies. And unless the good guys can find away to surpass the ability of the bad guys to access our data, commerce on the web is going to be drastically affected.