Chicago Tribune reports on a major credit card breach of Target’s customers. Payment card data was stolen starting from the Black Friday weekend.

Investigators believe the data was obtained via software installed on machines that customers use to swipe magnetic strips on their cards when paying for merchandise at Target stores, according to the person who was not authorized to discuss the matter and declined to provide further details.

Krebs on Security, a closely watched security industry blog that broke the news, said the breach involved nearly all of Target’s 1,797 stores in the United States, citing sources at two credit card issuers. The report said that “track data” from at least 1 million payment cards was thought to have been stolen before Target uncovered the operation, but that the number could be significantly higher.

It is a major security breach for the attackers to be able to compromise so many point-of-sales terminals across the US.

Update: Target has confirmed the breach.