Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Data Protection

Target Data Breach Affected 70 Million Customers, Included Phone Numbers and Email Addresses

Target said Friday that its recent data breach affected roughly 70 million customers, significantly more than the 40 million originally estimated.

The retail giant also said that its ongoing data breach investigation found that stolen information includes names, mailing addresses, phone numbers and email addresses.

Target said Friday that its recent data breach affected roughly 70 million customers, significantly more than the 40 million originally estimated.

The retail giant also said that its ongoing data breach investigation found that stolen information includes names, mailing addresses, phone numbers and email addresses.

“Much of this data is partial in nature, but in cases where Target has an email address, the Company will attempt to contact affected guests,” the announcement said. “This communication will be informational, including tips to guard against consumer scams.”

Analyzing the Target Data Breach

With 70 million customers affected, the Target data breach now passes TJX on the list of the largest credit and debit card breaches in history. The high profile data breach at TXJ Companies in 2006 affected roughly 46 million customers.

Along with providing additional details on the data breach, Target said the incident affected December sales and lowered its fourth-quarter earnings outlook as a result.

The company said it experienced “meaningfully weaker-than-expected sales” since announcing the data breach on Dec 19. 

Target, which is working with the United States Secret Service and the Department of Justice to investigate to investigate the incident, confirmed on Dec. 27 that encrypted PIN data from card transactions was also accessed by hackers.

RelatedExperts Debate How Hackers Stole 40 Million Card Numbers from Target

Advertisement. Scroll to continue reading.

“I know that it is frustrating for our guests to learn that this information was taken and we are truly sorry they are having to endure this,” Gregg Steinhafel, Target chairman, president and chief executive, said in a statement.

Target reiterated that its customers would have “zero liability” related to any fraudulent charges stemming from the breach.

Target said it has not yet been able estimate the costs, or a range of costs, related to the data breach. However, the company said expenses related to the massive breach may include liabilities to payment card networks for reimbursements of credit card fraud and card reissuance costs, liabilities related to REDcard fraud and card re-issuance, liabilities from civil litigation, governmental investigations and enforcement proceedings, expenses for legal, investigative and consulting fees, and incremental expenses and capital investments for remediation activities.

“These costs may have a material adverse effect on Target’s results of operations in fourth quarter 2013 and/or future periods,” the company said.

Target is offering a free year of credit monitoring and identity theft protection to all customers who shopped its U.S. stores, and will have three months to enroll in the program.

Additional details are available from the Target Web site.

RelatedExperts Debate How Hackers Stole 40 Million Card Numbers from Target

Written By

For more than 15 years, Mike Lennon has been closely monitoring the threat landscape and analyzing trends in the National Security and enterprise cybersecurity space. In his role at SecurityWeek, he oversees the editorial direction of the publication and is founder and director of several leading cybersecurity industry conferences around the world.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Learn how the LOtL threat landscape has evolved, why traditional endpoint hardening methods fall short, and how adaptive, user-aware approaches can reduce risk.

Watch Now

Join the summit to explore critical threats to public cloud infrastructure, APIs, and identity systems through discussions, case studies, and insights into emerging technologies like AI and LLMs.

Register

People on the Move

SAP security firm SecurityBridge announced the appointment of Roman Schubiger as the company’s new CRO.

Cybersecurity training and simulations provider SimSpace has appointed Peter Lee as Chief Executive Officer.

Orchid Security has appointed a new Chief Product Officer and three advisors.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.