US retailer Target has revealed about 40 million credit and debit cards may have been compromised by a data breach at the height of the holiday shopping season.