Retail chain Target has said about 40 million credit and debit cards might have been compromised by a data breach at the height of the holiday shopping season.
It would be one of the largest credit card breaches at a US retailer.
The breach started around Thanksgiving, on the busy Black Friday weekend.
Customers who made purchases using their cards at the chain's stores between November 27 and December 15 may have been exposed, the retailer said.
The stolen data includes customer names, credit and debit card numbers, card expiration dates and the three-digit security codes located on the backs of cards.
The company said it notified authorities and financial institutions as soon as it became aware of the breach, and that it is working with a third-party forensics firm to investigate the matter.
Target Corp advised customers who suspect there has been unauthorised activity on their cards to call them.
"Target's first priority is preserving the trust of our guests and we have moved swiftly to address this issue, so guests can shop with confidence," chairman, president and CEO Gregg Steinhafel said.
"We regret any inconvenience this may cause."
Target, which has 1,797 stores in the United States and 124 in Canada, is not the first US retailer to be hit by a major data security issue.
TJX Cos, which runs stores such as TJ Maxx and Marshall's, had a breach that began in July 2005 that exposed at least 45.7 million credit and debit cards to possible fraud. That breach was not detected until more than a year later.
Avivah Litan, a security analyst with Gartner Research, noted that companies like Target spend millions of dollars each year on credit card security measures.
Given the company's heavy security, Ms Litan said she believes the theft may have been an inside job.
"The fact this breach can happen with all of their security in place is really alarming," she said.
:: Watch Sky News live on television, on Sky channel 501, Virgin Media channel 602, Freeview channel 82 and Freesat channel 202.