Target announced Thursday that it had suffered a massive data breach that affected at least 40 million of the customers who visited its stores during the height of the holiday shopping season. The company says that it has resolved the problem and that its systems are now secure. But for those who may have been affected by the breach, here’s what you need to know.

Q: What was taken?

A: The retailer said customer names, debit or credit card numbers and card expiration dates were taken, along with the three-digit security codes often imprinted on the backs of cards, known as CVVs. The attack affects shoppers who visited Target stores between Nov. 27 and Dec. 15.

Q: Does this affect only people using Target-issued credit cards?

A: No, customers who used any credit or debit card could be affected.

Q: Wait, what if I purchased something from Target online?

A: Target has said that the attack only affected shoppers who were in stores, not those who visited the Web site.

Q: What should I do if I’m at risk?

A: First, check to see if there are any strange charges on your credit card. Keep an eye on your transactions for a long time, as hackers who take big swaths of data like this are looking to sell them to criminals, meaning your information could stay on the marketplace for awhile.

Debit card users may also want to take the extra precaution of calling their banks to get their PIN numbers changed, said JD Sherry, vice president of technology and solutions for the security firm Trend Micro. Target has said there is no indication that PIN numbers were also taken in the attack, but it may be a precaution worth taking for all debit card users, he said.

Q: Okay, there’s some fishy activity. What should I do now?

A: If there are charges you didn’t make, report them to your bank or credit card company immediately. The sooner you’re able to flag bad transactions, the better — people aren’t liable for fraudulent transactions made in their names. Representatives from Visa, American Express, Chase and Bank of America have all told The Washington Post that they are aware of the breach and are on alert to head off fraudulent transactions.

Target has also set up a hotline for those who think they may have been affected by the breach. Target customers who have noticed irregular activity on their accounts should call 1-866-852-8680.

In a note to customers on its corporate site, the company also advises Maryland residents that they can contact the state attorney general’s office for information on identity theft.

Q: How can I protect myself in the future?

A: This was an attack on Target’s internal systems, so it’s hard for consumers to take steps to protect themselves from this kind of theft in the future. It’s always a good idea to keep an eye on your bank account for unusual charges and to report those immediately.