Millions of Target shoppers may have ultimately received a bit more than they bargained for during Black Friday. Data from as many as 40 million credit accounts belonging to holiday shoppers may have fallen victim to a sophisticated hack that reportedly took place over several weeks starting on Black Friday and extending through December 15.

The security breach was first reported by Krebs on Security and was later independently confirmed by the Wall Street Journal before Target issued an official statement on the matter. A spokesperson for the US Secret Service said they are currently investigating the incident.

According to Krebs, the type of data stolen is known as track data which is the data stored on the magnetic strip of credit and debit cards. This information allows thieves to create counterfeit cards by loading stolen data onto bogus cards. In the event the crooks were able to get PIN numbers, they could also make fake debit cards and use them to withdraw cash from ATMs.

It is believed that the hack involved nearly every Target store in the US. An anti-fraud analyst for a top-ten US bank card issuer told Krebs that they can’t say for sure that all stores were impacted but they do see customers all over the US that were victimized.

Target said they alerted authorities and financial institutions immediately after the breach was made aware. What’s more, Target said they are putting all appropriate resources behind the efforts.