The holiday shopping season may be coming to a close soon, but an announcement from Target may have millions of its customers on edge: it was the victim of a data breach between November 27 and December 15, 2013. 

The Minnesota-based discount business is the second-largest retailer in the United States after Wal-Mart with 1,797 locations, according to the Wall Street Journal. These incidents could put as many as 40 million customers at risk because the data breach occurred on Thanksgiving, right before the official holiday shopping season occurred.

"Your trust is a top priority for Target, and we deeply regret the inconvenience this may cause" Target said in its statement. "The privacy and protection of our guests' information is a matter we take very seriously and we have worked swiftly to resolve the incident."

It is unclear exactly who was targeted, but about 40,000 card readers were tampered with. These machines were able to obtain credit and debit card numbers along with the security codes and expiration dates, as well as the names of these cardholders. Target would not confirm which stores had these damaged card readers.

Customers who made purchases online or in any of the chain's 124 locations in Canada were not affected by these attacks.

Target's next steps

Because of the magnitude of this attack, the Secret Service will be involved with Target's case. As of December 19, the agency confirmed that they will be a part of the search, but has not said any more than that.

In the meantime, Target notified banks to keep an eye out for suspicious behavior and hired a third-party forensics team to dig further into this problem. In its release, Target recommended that customers check their credit report to see if any fraudulent activity has occurred on their account since last month.

Companies that have yet to develop their own disaster recovery strategy can partner with a business continuity consultant who has extensive experience with these issues.