The hack of Target's payment systems hit in the peak shopping season and compromised 40 million customers' payment information.
The discount retailer acknowledged on late last week that the hack began on Black Friday and stretched more than two weeks to December 15.
Here's what we know:
-- The breach: Hackers infected Target's payment systems with malicious software. The company is cooperating with federal authorities, including the Secret Service and Department of Justice, and is withholding additional details at the request of law enforcement.
-- Where did it happen: The hack was limited customers shopping in U.S. Target ( stores )with credit and debit cards. Online purchases were not involved.
-- What got stolen: Hackers stole customer names, credit or debit card numbers, expiration dates, card security codes and PIN codes, Target said. Other customer information like Social Security numbers and employee records were not compromised, according to Target.
-- Target customers: The company has notified "millions" of affected customers for whom Target has email addresses. CEO Gregg Steinhafel said "the cause of this issue has been addressed and you can shop with confidence at Target."
-- Banks: Target also notified credit and debit card issuers, many of which said they were monitoring customer accounts for fraudulent activity. Chase initially set low daily withdrawal and spending limits on its cards, though it adjusted those limits late Monday.
-- Lawsuits: At least two dozen federal class action lawsuits have been filed in a handful of states alleging the retailer was negligent and did not adequately protect customer privacy.
-- State AGs: Target said its legal team held a conference call with most states' attorneys general on Monday afternoon.
-- More fallout: Target has hired a private firm to review its information security and two U.S. senators called for consumer protection agencies to investigate.
-- What's the risk: Thieves with access to your credit card or debit card data could make purchases using your account. Target officials say that PIN numbers on debit cards were encrypted when they were stolen. That means it is very unlikely that thieves would be able to withdraw money from ATMs.
You are generally not on the hook for fraudulent credit card purchases, as long as you quickly notify your bank. Consumers are protected from certain instances of debit card fraud as well, but cash withdrawals and purchases made with a PIN can be tricky to reverse.
-- What you should do: Consumer watchdogs say customers should check their credit card statements, including for small purchases that could indicate fraudsters are verifying an account is still active. Customers should also contact their banks to request a replacement card -- if one isn't already on the way -- and change their PIN.
-- How to contact Target: Customers concerned about the breach could call Target, and customer service teams would be available on Christmas, Snyder said. The company said additional information would be available at corporate.target.com, by phone at 1-800-440-0680, and on Twitter @Target.