Target Data Breach Worse than Feared
North American retail chain Target, which last month revealed
a data breach occurred at its US stores
during the key Thanksgiving and pre-Christmas shopping period, admitted that the incident was worse than its initial estimate suggested.
The company now believes that personal information, including phone numbers as well as email and mailing addresses, was stolen from as many as 70m customers over the period of 27 November to 15 December last year. Target had previously indicated that up to 40m accounts could have been affected.
The chain added that the breach had adversely impacted on sales and reduced its forecast for fourth-quarter earnings.
Target updated customers, saying that its ongoing investigation of the breach reveals that more personal information had been stolen than it was previously aware of and more customers were affected. It previously disclosed to customers that names, credit and debit card numbers, card expiration dates, personal identification numbers (PINs) and the embedded code on the magnetic strip on the back of cards had been stolen.
“I know that it is frustrating for our guests to learn that this information was taken and we are truly sorry they are having to endure this,”, the company’s chairman, president and chief executive (CEO), Gregg Steinhafel, said in a statement.
Target confirmed that customers will not incur liability for the cost of any fraudulent charges resulting from the breach. The company will contact customers it has email addresses for to provide tips on how to safeguard against consumer scams, but will not ask them for any personal information during its email communications.
Customers are also being offered a year of free credit monitoring and identity theft protection to customers that shopped at its stores. Individuals will have three months to enroll in the programme. Target will provide further details next week.