A data hack at U.S. Target stores--from November 27 to December 15, 2013--exposes millions of credit and debit card customers to fraud through a compromised point-of-sale system.

Target acknowledges the breach of information publicly and says the matter is under investigation and that information accessed included customer names, credit or debit card numbers used, their expiration dates and encrypted security codes.

Target says that some additional 70 million customers had their personal information stolen during the holiday data breach. The stolen information may include names, mailing addresses, phone numbers or emails. In addition, Neiman Marcus admitted to security researcher Brian Krebs that it had also experienced a data breach involving customers' credit and debit card data.

Target invests $5 million to support a new cyber security coalition to educate consumers and announced it would pay for one year of credit monitoring services and identity theft protection by Experian.

IntelCrawler identifies two Russian hackers as the developers of the POS malware used in the Target and Neiman Marcus data breaches. IntelCrawler also confirms 6 additional unnamed retailers have been hit with data breaches similar to that of Target.

A Pennsylvania-based heating and refrigeration contractor that services Target stores confirmed it was "a victim of a sophisticated cyber attack operation," which could be how the hackers gained access to Target's systems. Fazio Mechanical Services acknowledged it had access to Target's network for electronic billing and project management purposes. It is suspected that thieves used Fazio's vendor credentials to access Target's network and upload their malware to cash registers.

The National Cyber Investigative Joint Task Force issues a report saying the recent cyber attacks on retailers were not part of coordinated attack. The NCIJTF said it is tracking and coordinating investigations by the government and retail industry concerning security breaches at stores' POS systems, and believe a third party is responsible for the attacks.