The US chainstore Target has been hit by one of the biggest online frauds in history.
The data breach began around on Black Friday, 29 November, one of the busiest shopping days of the year. Up to 40 million customers have since had their credit card information stolen.
The thefts may have occurred through software installed at machines that customers use to swipe their cards when paying.
Target said the data was stolen between Thanksgiving and 15 December.
The BBC reports the thieves took credit card numbers, names, expiration dates and security codes for the cards.
Target urged people who shopped at its stores to check credit card records and query unusual activity.
"We regret any inconvenience this may cause," said Target boss Gregg Steinhafel in a statement.
Digital Strategy Consulting director Danny Meadows-Klue says the fraud was very sophisticated.