Timeline of Target's data breach

Nov. 27 to Dec. 15Cyberthieves gain access to information on millions of debit and credit cards from Target customers.

Dec. 18Target CEO, Gregg Steinhafel, issues a rare statement on holiday sales, saying, "We are pleased with Target's holiday performance."

Dec. 18Computer security blogger Brian Krebs posts story saying Target is confronting a security breach involving millions of debit and credit cards.

Dec. 18A spokeswoman for American Express confirms the data breach sayings they've launched their own investigation.

Dec. 18The Secret Service confirms to other media sources it has begun its own investigation.

Dec. 19Target confirms that credit and debit cards information of 40 million customers may have been exposed.

Dec. 20Steinhafel issues an apology to customers and offers a discount to shoppers for the weekend.

Dec. 23U.S. Department of Justice steps into investigation.

Dec. 23Target says the data breach involved malicious software on the point-of-sale card-swiping devices in the checkout aisles of its stores.

Dec. 27Target acknowledges that, contrary to early reports, personal identification numbers to debit and credit cards were also exposed.

Jan. 3TCF Bank joins other banks in "replace-them-all approach" to Target's security breach, will issue new cards to its affected customers.

Jan. 10Target announces that personal information of 70 million customers also exposed during the breach, but the amount of overlap with the financial data of 40 million people is unclear. At worst, data of up to 110 million people was accessed from Target's system.