Updated, 3:05 p.m.
Target's data breach over the crucial holiday selling season was even
worse than expected. Up to an additional 70 million customers had their
personal information stolen in the breach, bringing the total
potentially affected up to 110 million, the retailer said Friday.
announced last month that encrypted personal identification numbers
were stolen for up to 40 million credit and debit cards in the breach.
Now its investigation finds "that the stolen information includes names,
mailing addresses, phone numbers or email addresses for up to 70
"I know that it is frustrating for our
guests to learn that this information was taken and we are truly sorry
they are having to endure this," Target CEO Gregg Steinhafel said in a
with the encrypted PIN data, Target previously said that data thieves
stole customer names, credit and debit card numbers, card expiration
dates and the embedded code on the magnetic strip on the back of cards
used at Target between Nov. 27 and Dec. 15.
There may be overlap
in customers who had both personal identification information stolen as
well as credit and debit card data, but Target doesn't know to what
extent, says spokesperson Molly Snyder.
News of the additional
stolen data brings the total number of potential customers affected up
to 110 million, and may increase the threat of identity theft, says Greg
McBride, senior financial analyst at Bankrate.com.
to actually go out and open credit in your name, it's pretty tough to do
if they don't have your social (security number)," he says. "But if
they have your social and have all this other stuff too, it compounds
Customers involved are also at greater risk of being targeted by email scams, he says.
To give "peace of mind," the Minneapolis-based retailer will offer free credit monitoring and identity theft protection to all its customers, with an opportunity to enroll over the next three months.
Target shares were down 1.2% to $62.56 in afternoon trading.
Target customers who had their information stolen, the incident has
meant hours spent speaking with banking customer service
representatives, having to close accounts, be issued new credit and
debit cards - and updating online accounts with the new information -
and file identity theft reports.
Karen Raper, 46, from Lula, Ga.,
spent two hours talking to her bank on Christmas Eve after it notified
her of suspicious activity showing up on her account from Ohio. Raper
had shopped at Target on Black Friday, buying a camera for her daughter.
Fifth Third Bank closed her account, will refund her the $300 that was
charged and issue her a new card. But Raper says she's reluctant to head
back to Target.
Kim Thompson, 39, says the situation makes her
"angry, frustrated, and concerned." Thompson, from Memphis, used her
debit card to purchase groceries at Target at the beginning of December.
She says she'll continue to shop there because it's convenient, but
that she'll only use cash.
"This is a lesson to just sort of all
of us to be constantly monitoring your accounts for unauthorized
transactions," McBride says. "Because you have no liability as long as
you report that to your financial institution."
Others are put off
by a seeming lack of communication from Target. Those interviewed by
USA TODAY say the first time they heard their information was
compromised was, in most cases, from their bank, not the retailer.
"If Target does anything, it just seems like I have to either look it up or hear about it second hand," says Jackie Chavez, 40.
from El Paso, shopped at Target on Black Friday and found out after
Christmas from her bank that there was suspicious activity on her
Target emailed customers it thought were affected, and
for whom it had email addresses, in the days after the breach was first
announced Dec. 19. Snyder says that amounted to "millions of emails." It
will do the same for the additional customers it's now found to be
involved. The company also created a dedicated page on its website for
the data breach, including resources about identity theft and credit
most recent announcement about the breach comes amid news of an
unsuccessful holiday season for retailers and follows other
disappointments at Target. Target lowered its fourth quarter guidance
Friday, expecting a comparable store sales decline of 2.5%. It
previously said sales would be flat.
Target also revealed at the
end of December that some gift cards sold during the holidays weren't
fully activated, but that it would still honor the faulty cards.
retailer will close eight stores in May. The stores are in West Dundee,
Ill.; Las Vegas, Nev.; North Las Vegas, Nev.; Duluth, Ga.; Memphis,
Tenn.; Orange Park, Fla.; Middletown, Ohio; and Trotwood, Ohio.
Contributing: Kevin McCoy