Target confirmed Thursday morning that it’s aware of a data breach that affected 40 million of its shoppers.

The theft — which began on Nov. 27 and lasted until the middle of this month — reportedly involves people that shopped at Target’s brick and mortar stores, not online.

The nationwide retailer says it’s making it right.

“Target’s first priority is preserving the trust of our guests and we have moved swiftly to address this issue, so guests can shop with confidence. We regret any inconvenience this may cause,” said Gregg Steinhafel, Target’s chairman, president and chief executive officer, in a press release. “We take this matter very seriously and are working with law enforcement to bring those responsible to justice.”

The release was issued less than a day after information security reporter Brian Krebs broke the story.

Criminals, he said Wednesday, cracked Target’s security and ripped off millions of cardholder’s track data. That information, which can be resold on the black market, is typically used to create fraudulent cards.