Target says about 40 million credit and debit card accounts may have been affected by a data breach.

The chain the accounts may have been impacted between Nov. 27 and Dec. 15.

The data breach might have occurred through software installed at machines customers use to swipe their cards when paying, an unidentified source told Dow Jones.

The Minneapolis company said it immediately told authorities and financial institutions once it became aware of the breach and that it is teaming with a third-party forensics firm to investigate the matter.

Target Corp. said that customers who made purchases at its U.S. stores during the impacted period and suspected unauthorized activity should call them at 866-852-8680