It is literally the nightmare before Christmas. Giant retailer Target revealed this week that credit card information on up to 40 million customers may have been stolen in a massive data hack that occurred before Thanksgiving. Target confirmed early Thursday that its security systems were breached from the day before Thanksgiving through Dec. 15. Stolen information includes the customer’s name, his or her card number, the expiration date and three-digit CVN security code, Target said. The dates would include between Nov. 27 and December 15. Target said customers should examine card statements.

“If you shopped at Target between Nov. 27 and Dec. 15, you should check your account for any suspicious or unusual activity,” Target wrote. “If you see something that appears fraudulent, REDcard holders should contact Target (866-852-8680), others should contact their banks” or credit card companies.

The latest breach is similar in size and scope to one in 2007 that took data from between 47 and 90 million cards from TJX – the company that operates TJ Maxx and Marshals. TJX later made a $9.75 million settlement with 41 states to cover the costs of their investigations into the breach and to upgrade insecure wireless networks that hackers used to penetrate into the network.