Target’s massive credit card breach reported last month may be worse than previously thought. Today, the company disclosed the attack affected as many as 70 million individuals, whose names, mailing addresses, phone numbers and emails have been stolen. This customer information was taken during the attack in addition to the payment card data. As many as 40 million credit and debit cards were reported stolen last month.
The retailer clarifies this is not a new breach, but a theft discovered as a part of the ongoing investigation into the hack which used compromised point-of-sale terminals to get at customer data during the busiest shopping season of the year.
The breach, which occurred from November 27 to December 15, is one of the largest, and most high-profile attacks in recent years. Thieves made off with customer names and account data, including credit and debit card numbers, expiration dates, the three-digit CVV security code, and even PIN data for 40 million account holders. Target may be liable for up to $3.6 billion as a result of this attack, it’s been said. The company’s name has also been sullied in the eyes of consumers, who have lost trust in Target’s security measures.
In a statement released this morning, Target said that much of this additional stolen data is “partial in nature,” but in the case where the retailer has customer email addresses, it will attempt to contact those affected customers and alert them to the issue. The email will provide consumer protection information, like how to guard against scams, and will remind customers that Target will never ask for a customer’s personal information via an email message.
“I know that it is frustrating for our guests to learn that this information was taken and we are truly sorry they are having to endure this,” said Gregg Steinhafel, Target chairman, president and chief executive officer, in a statement today. The company added that Target shoppers will have zero liability for any of the fraudulent charges arising from this breach, and is also offering a year of free credit monitoring and identity theft protection to all who shopped Target’s U.S. stores when the attack occurred.
Target also said that the breach will impact company earnings. Before the attack, the company had been on track for stronger-than-expected fourth quarter sales. Now it’s saying it expects to see a Q4 comparable sales decline of 2.5%.