If you’ve ever bought from Target (NOT online)…

(Correction: the original title of this post indicated that online shoppers were affected. In fact, according to Target, only customers who used credit cards for in-store purchases are at risk.)

… then you should consider cancelling the credit card you used. Data for as many as 40,000 credit cards, stolen from Target servers in early December, is already appearing on black market sites. Target says card numbers, names and expiry dates were taken, not the associated security codes, so the numbers can’t be used just anywhere. But they will be used, since not all retailers use the security code.

Update 2013Dec29: Brian Krebs of krebsonsecurity.com did some digging and has almost certainly identified one specific individual who is selling card data stolen from Target. His name is Andrey Hodirevski, and he’s been in this shady business for a while in Ukraine. It’s not clear whether he stole the card data from Target, but he’s selling it, so he probably knows who did. It will be interesting to see how this plays out…

Update 2014Jan01: Now Target is saying that PIN codes were stolen along with the rest of the card data. They insist that since the PINs are encrypted, they are of no use, but Target should not have been storing PINs in any form.

Update 2014Jan11: Target now says that additional personal information on 70 million customers was also stolen by the same attackers. This information includes names, mailing addresses, phone numbers and/or e-mail addresses.

Update 2014Mar29: Trustwave, the company that provides PCI compliance services to Target, is being sued by two banks that suffered losses in relation to the Target breach.

Additional information from Ars Technica:

About jrivett

Jeff Rivett has worked with and written about computers since the early 1980s. His first computer was an Apple II+, built by his father and heavily customized. Jeff's writing appeared in Computist Magazine in the 1980s, and he created and sold a game utility (Ultimaker 2, reviewed in the December 1983 Washington Apple Pi Journal) to international markets during the same period. Proceeds from writing, software sales, and contract programming gigs paid his way through university, earning him a Bachelor of Science (Computer Science) degree at UWO. Jeff went on to work as a programmer, sysadmin, and manager in various industries. There's more on the About page, and on the Jeff Rivett Consulting site.
