Millions of people shopped at Target between Nov. 27 and Dec. 15, when one or more nefarious intruders bypassed the retail chain’s security measures and stole data from at least 40 million credit and debit cards. Apparently, the breach affected everyone who used a card to purchase something at one of Target’s 1,800 U.S. stores in that time period.

The nightmare before Christmas continues for Target. Stolen Target customer information from a security breach involving its in-store point-of-sale systems has already begun flooding the black market, according to numerous people in the fraud industry tracking the situation.