Target said Friday that its recent data breach affected roughly 70 million customers, significantly more than the 40 million originally estimated.
The retail giant also said that its ongoing data breach investigation found that stolen information includes names, mailing addresses, phone numbers and email addresses.
“Much of this data is partial in nature, but in cases where Target has an email address, the Company will attempt to contact affected guests,” the announcement said. “This communication will be informational, including tips to guard against consumer scams.”
With 70 million customers affected, the Target data breach now passes TJX on the list of the largest credit and debit card breaches in history. The high profile data breach at TXJ Companies in 2006 affected roughly 46 million customers.
Along with providing additional details on the data breach, Target said the incident affected December sales and lowered its fourth-quarter earnings outlook as a result.
The company said it experienced “meaningfully weaker-than-expected sales” since announcing the data breach on Dec 19.
Target, which is working with the United States Secret Service and the Department of Justice to investigate to investigate the incident, confirmed on Dec. 27 that encrypted PIN data from card transactions was also accessed by hackers.
Related:Experts Debate How Hackers Stole 40 Million Card Numbers from Target
“I know that it is frustrating for our guests to learn that this information was taken and we are truly sorry they are having to endure this,” Gregg Steinhafel, Target chairman, president and chief executive, said in a statement.
Target reiterated that its customers would have “zero liability” related to any fraudulent charges stemming from the breach.
Target said it has not yet been able estimate the costs, or a range of costs, related to the data breach. However, the company said expenses related to the massive breach may include liabilities to payment card networks for reimbursements of credit card fraud and card reissuance costs, liabilities related to REDcard fraud and card re-issuance, liabilities from civil litigation, governmental investigations and enforcement proceedings, expenses for legal, investigative and consulting fees, and incremental expenses and capital investments for remediation activities.
“These costs may have a material adverse effect on Target’s results of operations in fourth quarter 2013 and/or future periods,” the company said.
Target is offering a free year of credit monitoring and identity theft protection to all customers who shopped its U.S. stores, and will have three months to enroll in the program.
Additional details are available from the Target Web site.
Related:Experts Debate How Hackers Stole 40 Million Card Numbers from Target
Tweet
Managing Editor, SecurityWeek.Previous Columns by Mike Lennon:Target Data Breach Affected 70 Million Customers, Included Phone Numbers and Email AddressesYahoo Enables HTTPS Encryption by Default for Yahoo MailFireEye Looks to Build Cybersecurity Powerhouse With $1 Billion Acquisition of MandiantIntel to Replace McAfee Brand with Intel SecurityBruce Schneier Joins Startup Co3 Systems as CTO
sponsored links
Tags: Incident Management
Data Protection
