The theft of credit and debit card information for as many as 40 million Target customers, first reported by independent journalist Brian Krebs, is prompting banks to take action.

JP Morgan Chase, Santander Bank, and Citibank have capped debit card purchases and ATM withdrawals for customers whose accounts may have been compromised. Some smaller banks are out-and-out canceling customers' cards.

Hackers stole PINs too

The situation may be even more dire than initially reported, as Reuters is now saying that personal identification numbers (PINs) were stolen along with the card numbers. The PINs were encrypted, but there is no guarantee that the hackers won't decrypt them.

Hackers stole the information in the three weeks after Black Friday, though it's still unknown how Target's systems were breached. The US Secret Service, which investigates financial crimes, is looking into the case.

Meanwhile, victims' credit card information is flooding the black market — and Krebs is still chasing it. A hacker already offered the journalist $10,000 to hold a story about the forums where the information is being sold.