Target Breach: 70 Million AffectedAttack Compromised E-Mail Addresses, Other PII
The scope of the Target Corp. breach continues to grow. In a quarterly earnings statement issued Jan. 10, the retailer notes that in addition to the 40 million credit and debit numbers that were likely exposed, so was information such as names, mailing addresses, phone numbers and e-mail addresses for up to 70 million individuals.
See Also: The Global State of Online Digital Trust
"I know that it is frustrating for our guests to learn that this information was taken and we are truly sorry they are having to endure this," said Gregg Steinhafel, Target's chairman, president and chief executive officer. "I also want our guests to know that understanding and sharing the facts related to this incident is important to me and the entire Target team."
The likely exposure of the additional data was discovered during the company's forensics investigation of the breach.
"Much of this data is partial in nature," Target states. "The company will attempt to contact affected guests. This communication will be informational, including tips to guard against consumer scams. Target will not ask those guests to provide any personal information as part of that communication."
The statement from Target does not reveal how the additional data was exposed or accessed during the breach.
Free Credit Monitoring
Target also reiterates that its customers will not be liable for any fraudulent charges that result from breached data. The retailer is offering one year of free credit monitoring and identity theft protection "to all Target guests who shopped our U.S. stores," according to the statement. Target customers will have three months to enroll in the program, the retailer says.
"In light of the recent data breach, our top priority is taking care of our guests and helping them feel confident in shopping at Target," says John Mulligan, Target's executive vice president and chief financial officer.
How much this breach will ultimately cost Target remains to be seen, Mulligan adds. Costs related to the data breach may include liabilities to payment card networks for card fraud and card reissuance expenses; liabilities related to REDcard fraud and card re-issuance; liabilities from civil litigation, governmental investigations and enforcement proceedings; expenses for legal, investigative and consulting fees; and incremental expenses and capital investments for remediation activities. These costs may have an adverse effect on Target's fourth quarter and future earnings, he says.