Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Data Protection

Target Data Breach Affected 70 Million Customers, Included Phone Numbers and Email Addresses

Target said Friday that its recent data breach affected roughly 70 million customers, significantly more than the 40 million originally estimated.

The retail giant also said that its ongoing data breach investigation found that stolen information includes names, mailing addresses, phone numbers and email addresses.

Target said Friday that its recent data breach affected roughly 70 million customers, significantly more than the 40 million originally estimated.

The retail giant also said that its ongoing data breach investigation found that stolen information includes names, mailing addresses, phone numbers and email addresses.

“Much of this data is partial in nature, but in cases where Target has an email address, the Company will attempt to contact affected guests,” the announcement said. “This communication will be informational, including tips to guard against consumer scams.”

Analyzing the Target Data Breach

With 70 million customers affected, the Target data breach now passes TJX on the list of the largest credit and debit card breaches in history. The high profile data breach at TXJ Companies in 2006 affected roughly 46 million customers.

Along with providing additional details on the data breach, Target said the incident affected December sales and lowered its fourth-quarter earnings outlook as a result.

The company said it experienced “meaningfully weaker-than-expected sales” since announcing the data breach on Dec 19. 

Target, which is working with the United States Secret Service and the Department of Justice to investigate to investigate the incident, confirmed on Dec. 27 that encrypted PIN data from card transactions was also accessed by hackers.

RelatedExperts Debate How Hackers Stole 40 Million Card Numbers from Target

“I know that it is frustrating for our guests to learn that this information was taken and we are truly sorry they are having to endure this,” Gregg Steinhafel, Target chairman, president and chief executive, said in a statement.

Target reiterated that its customers would have “zero liability” related to any fraudulent charges stemming from the breach.

Target said it has not yet been able estimate the costs, or a range of costs, related to the data breach. However, the company said expenses related to the massive breach may include liabilities to payment card networks for reimbursements of credit card fraud and card reissuance costs, liabilities related to REDcard fraud and card re-issuance, liabilities from civil litigation, governmental investigations and enforcement proceedings, expenses for legal, investigative and consulting fees, and incremental expenses and capital investments for remediation activities.

“These costs may have a material adverse effect on Target’s results of operations in fourth quarter 2013 and/or future periods,” the company said.

Target is offering a free year of credit monitoring and identity theft protection to all customers who shopped its U.S. stores, and will have three months to enroll in the program.

Additional details are available from the Target Web site.

RelatedExperts Debate How Hackers Stole 40 Million Card Numbers from Target

Written By

For more than 10 years, Mike Lennon has been closely monitoring the threat landscape and analyzing trends in the National Security and enterprise cybersecurity space. In his role at SecurityWeek, he oversees the editorial direction of the publication and is the Director of several leading security industry conferences around the world.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Data Breaches

GoTo said an unidentified threat actor stole encrypted backups and an encryption key for a portion of that data during a 2022 breach.

Cybercrime

A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...

Application Security

Many developers and security people admit to having experienced a breach effected through compromised API credentials.

Incident Response

Cygnvs emerges from stealth mode with an incident response platform and $55 million in Series A funding.

Data Protection

The cryptopocalypse is the point at which quantum computing becomes powerful enough to use Shor’s algorithm to crack PKI encryption.

Application Security

GitHub this week announced the revocation of three certificates used for the GitHub Desktop and Atom applications.

Data Breaches

T-Mobile disclosed another massive data breach affecting approximately 37 million customer accounts.