U.S. retail giant Target is investigating a data breach, which may potentially involve records of millions of customers' credit and debit cards being stolen.

The sophisticated hack into Target's systems is said to have taken place over several weeks, which is believed to have started on November 27, extending till December 15.

KrebsOnSecurity cites reliable sources at two different top 10 credit card issuers in the country and says that the breach extends to nearly all Target locations in the country. KrebsOnSecurity reports that the breach may have affected uncountable number of customers who have shopped at the bricks-and-mortar Target shops over the last few weeks.

"The breach window is definitely expanding," said one anti-fraud analyst at a top ten U.S. bank card issuer who asked to remain anonymous. "We can't say for sure that all stores were impacted, but we do see customers all over the U.S. that were victimized."

KrebsOnSecurity said it is not aware if customers who shopped at Target's online store were also affected by the recent breach.

The KrebsOnSecurity report says that the type of data stolen from Target is known as "track data," which allows hackers to generate a counterfeit card by encoding the information onto any card with a magnetic stripe. Moreover, if the hackers were able to intercept PIN data for debit transactions, they may also recreate stolen debit cards and use them to withdraw money from ATMs.

"It's not clear how many cards thieves may have stolen in the breach. But the sources I spoke with from two major card issuers said they have so far been notified by one of the credit card associations regarding more than one million cards total from both issuers that were thought to have been compromised in the breach. A third source at a data breach investigation firm said it appears that 'when all is said and done, this one will put its mark up there with some of the largest retail breaches to date,'" reported Brian Krebs of KrebsOnSecurity.

Target said it is working closely with law enforcement agencies to bring the culprits to justice. "We are partnering with a leading third-party forensics firm to conduct a thorough investigation of the incident and to examine additional measures we can take that would be designed to help prevent incidents of this kind in the future," the company said in a statement. "Additionally, Target alerted authorities and financial institutions immediately after we discovered and confirmed the unauthorized access, and we are putting our full resources behind these efforts."

"Target's first priority is preserving the trust of our guests and we have moved swiftly to address this issue, so guests can shop with confidence," Target CEO Gregg Steinhafel said in a statement.

Brian Leary, a spokesman for the Secret Service in Washington, said the agency is investigating the incident but refused to comment further on the matter.

Shares of the comopany were down 1.90 percent at $62.34 on the NYSE during morning trading session on NYSE on Thursday.