UPDATE Thursday 5:34am CT: In a statement posted to its website early Thursday morning, Target acknowledged that "approximately 40 million credit and debit card accounts may have been impacted between Nov. 27 and Dec. 15, 2013," adding that the company is "partnering with a leading third-party forensics firm to conduct a thorough investigation of the incident."

Original story follows:

According to the Wall Street Journal and independent journalist Brian Krebs, retail giant Target was hit with a major theft of customers’ credit-card and debit-card data captured in stores during the Black Friday weekend.

The company has nearly 1,800 stores in the United States and over 100 in Canada.

"The Secret Service is investigating—we have no further comment as it is an ongoing investigation," Brian Leary, a Secret Service spokesperson, told Ars.

Ars has contacted Visa and MasterCard, as well as credit agencies Experian and Equifax, but received no immediate reply.

Sherfoon Kassimlakha, a Target spokesperson, told Ars that she had no comment concerning the allegations but said that someone else from the company would follow up.

Krebs, citing two unnamed sources, reported that “the breach was initially thought to have extended from just after Thanksgiving 2013 to Dec. 6. But over the past few days, investigators have unearthed evidence that the breach extended at least an additional week—possibly as far as Dec. 15. According to sources, the breach affected an unknown number of Target customers who shopped at the company’s main street stores during that timeframe.

This isn't the first potentially massive credit card breach in recent memory. Millions of cards were compromised last year in a breach at Global Payments, a data processor. And as we reported previously, in 2004 CardSystems Solutions was hacked and exposed data for as many as 40 million cards, making it one of the biggest credit card data breaches at the time. With that hack, the processor came under blistering criticism for taking months to detect and report the intrusion and storing customer data in unencrypted formats.