Target Corporation has confirmed a data breach affecting approximately 12 million customer accounts tied to its online shopping platform. The breach, which occurred between February and March 2026, exposed email addresses, hashed passwords, purchase histories, and partial payment information.
The company's security team identified the intrusion after detecting unusual API activity on its e-commerce backend. Investigators believe the attackers exploited a vulnerability in a third-party payment processing integration.
Target has forced password resets for all affected accounts and is offering one year of identity monitoring services. The company has also engaged external forensic investigators to determine the full scope of the incident.
