A breach of credit and debit card data at discount retailer Target may have affected as many as 40 million shoppers who went to the store in the three weeks after Thanksgiving, the retailer said Thursday. 

According to the Star-Tribune, a spokeswoman for American Express confirmed the breach in an interview with the Star Tribune, and the Secret Service confirmed to the Wall Street Journal and the Associated Press that it has begun its own investigation.

"We're working with Target on this," Marina Norville, an American Express spokeswoman, said Wednesday. "It's an investigation right now. We've put fraud controls in place."

Unnamed sources have been quoted as saying the computer breach occurred on or around Black Friday, the day after Thanksgiving and one of the year's busiest shopping days. It may have continued until Dec. 6 or Dec. 15, sources told Krebs, involving transactions in stores but not online purchases. 

In addition, CNN Money is reporting that Target didn't specify how its systems were hacked. But judging by the scope of the breach and the kind of information criminals got, security experts say hackers targeted the retailer's point-of-sale system. That means they either slipped malware into the terminals where customers swipe their credit cards, or they collected customer data while it was on route from Target to its credit card processors.

The retailer said it notified authorities and financial institutions immediately after it was made aware of the unauthorized access and had hired a forensics team to thoroughly investigate how the breach may have happened. The issue that allowed the breach has been identified and resolved, according to Target spokeswoman Molly Snyder.

"Target's first priority is preserving the trust of our guests and we have moved swiftly to address this issue, so guests can shop with confidence," CEO Gregg Steinhafel said in a statement. "We regret any inconvenience this may cause."