Target issued a statement this morning confirming reports by security journalist Brian Krebs that it was the victim of a massive security breach. The breach—which began on or around Black Friday—resulted in the compromise of an estimated 40 million customer credit card accounts.

It’s a simple fact that the dramatic spike in shopping and consumerism during the holidays results in an equivalent jump in cybercrime. Cybercriminals know that people are so busy shopping that the pool of victims is substantially larger, and the odds of success are much greater because consumers aren’t monitoring their spending and credit card statements quite as closely during the holidays.

The fact that these hackers chose Target is a sort of dubious honor for the retailer. Essentially, it’s an acknowledgement of just how popular Target is for holiday shopping.

Right now, there are probably more questions than answers. Target claims that the source of the breach has been resolved, but the investigation into the root cause, or the conditions that allowed such a breach in the first place, is ongoing.

The breach affects customers who shopped in actual brick-and-mortar Target stores between November 27 and December 15. By the time all of the dust settles, there’s a good chance this will rank as one of the most massive breaches of customer data to date.

James Lyne, global head of security research at Sophos, shared some thoughts on the attack. “It is claimed to be data stealing code on the terminals handling transactions though details are scarce. This means widespread deployment of malicious code across many terminals raising the question of how this made it through the build checks and whitelisting into Target’s standard. Even still, more details may come to light shortly but we should assume the worst.”

That said, Dwayne Melancon, CTO for Tripwire, points out a bit of a silver lining.
“This has been compared to the TJX breach but one key difference is the time frames involved, at least based on the public data at this point. In the TJX instance, the breach began about 18 months before it was discovered. In this case, we are hearing about a compromise that occurred about a month ago—that reduction in discovery and disclosure time is dramatic. The fact that Target is already saying the breach vector has ‘been resolved’ is another huge difference between this and other high-profile breaches.”

Qualys CTO Wolfgang Kandek is among the 40 million customers impacted by the breach. “I did some traditional shopping at Target between Nov 27 and Dec 15, and so I am in the affected customer set,” explained Kandek. “Unfortunately, beyond canceling one’s credit card (which is a hassle) there is not much a customer can do in such a situation.”

Lee Weiner of Rapid7 has some words of caution for customers who may be affected by the Target breach—or even those who aren’t. “Be wary of any communications from people claiming to be your bank. Incidents like this provide a great opportunity for other criminals to launch ‘piggyback’ attacks. They can target you with a call or email claiming to be your card issuer, and then get you to give them your banking information, online security credentials, or visit a malicious website.”

Weiner says that any communication alleged to be from a bank or credit card provider should be treated as suspect. Do not share any information in response to an email or phone call.
You should call the provider yourself—using the number on the back of the card—or open a new browser window and log into the bank or credit provider’s website directly to ensure you aren’t being redirected to a spoofed site.

Kandek recommends that users log into credit card and bank account sites more frequently to view pending and processed transactions for potential fraudulent activity. Aside from that, he says customers basically just have to trust the fraud detection algorithms in place at their bank or credit card provider, and hope that any suspicious activity is flagged.