Target has revealed in a statement today that the 2013 data security breach didn’t just snare 40 million customers. The number is pegged far higher at 70 million. This makes the theft one of the largest of its kind. In addition to raising the number of customers affected, Target also revealed that “certain guest information” was also acquired by the digital thieves and that includes names, phone numbers, mailing addresses and email addresses as well.
UPDATE: Sources are now saying the breach could affect up to 110 million customers.
“I know that it is frustrating for our guests to learn that this information was taken and we are truly sorry they are having to endure this,” said Gregg Steinhafel, chairman, president and chief executive officer, Target. “I also want our guests to know that understanding and sharing the facts related to this incident is important to me and the entire Target team.”
Guests will have zero liability for the cost of any fraudulent charges arising from the breach. To provide further peace of mind, Target is offering one year of free credit monitoring and identity theft protection to all guests who shopped our U.S. stores. Guests will have three months to enroll in the program. Additional details will be shared next week. To learn more, please go to target.com/databreach.
In cases where Target believes email addresses were stolen, Target will be reaching out to those customers (Target calls its customers “guests” to provide tips on how to avoid being caught up in credit card scams.
In its fourth quarter outlook, Target said that sales for the annual holiday shopping season were doing better than projected prior to news of the breach, but as expected they fell off dramatically.
The data breach at Target began on November 27, just before Black Friday, the biggest shopping day of the year in the US and continued through December 15. Krebs on Security broke the news that quickly cast a pall on the holiday shopping season for many. Target at first thought customer PIN data was not taken in the theft, but later revealed it had been swiped. With the release of news that other guest information was taken as well, along with the numbers, this continues to make this story one to follow in the coming months as ramifications will be unfolding over time.
Quickly after news of the data breach broke it was revealed that stolen credit cards were already being sold on the Internet. Various banks began taking action to protect their customers and their own liability by placing limits on purchases and cash withdrawals, causing some further disruption.