The retailer now says that information taken in December’s security lapse includes names, phone numbers, and postal and e-mail addresses, and could affect up to one-third of the US population.
January 10, 2014 11:48 AM PST
Target’s data breach is much broader than once believed.
The nationwide retailer on Friday announced that personal information on as many as 70 million additional customers was stolen as part of the company’s payment card data breach.
The information stolen includes names, mailing addresses, phone numbers, and e-mail addresses, the company said.
While Target spokesperson Molly Snyder said that there could be some overlap with the approximately 40 million people first said to be affected by the breach in December, the new total of people impacted by the breach could be as high as 110 million.
“I know that it is frustrating for our guests to learn that this information was taken and we are truly sorry they are having to endure this,” Gregg Steinhafel, chairman, president and chief executive officer at Target, said in a statement. “I also want our guests to know that understanding and sharing the facts related to this incident is important to me and the entire Target team.”
Leahy’s perennial data privacy bill gets another shot
Two iPods at two different Target stores (both full of erasers?)
Target: Encrypted PINs stolen but not encryption key
Top state attorneys scrutinize Target data breach
Target data stolen in hack showing up on black market
Friday’s news is the latest blow to Target, which in December revealed that hackers had stolen approximately 40 million credit and debit card numbers. Target said at the time that it believed the data stolen came from transactions made between November 27 and December 15.
Not surprisingly, hackers moved quickly to take advantage of the stolen information and put the information on the black market.
According to reports, following the Target breach there was a <a href="http://redirect.viglink.com?key=11fe087258b6fc0532a5ccfc924805c0&u=http%3A%2F%2Fnews.cnet.com%2F8301-1009_3-57616201-83%2Ftarget-data-stolen-in-hack-showing-up-on-black-market%2F%22%3E"ten-to-twentyfold increase" in stolen cards available on underground markets.
Target, which has nearly 1,800 stores in the US, said Friday that affected customers will suffer no liability for any fraudulent charges.
The company will also offer one free year of credit monitoring and identity theft protection.
One other note from Target: the company was forced to lower its fourth-quarter sales forecast, saying that it experienced “meaningfully weaker-than-expected sales” following the data-breach announcement.
CNET Senior Writer Seth Rosenblatt contributed to this report.
Update at 11:48 a.m.
Added Target’s revised upward estimate of customers potentially affected.
The story was originally posted at 5:50 a.m. PT.