On January 10, 2014, Target Corporation announced that its massive pre-holiday data breach was worse than initially reported. The Minneapolis-based retailer reveals that the breach impacted much more consumer information than previously stated. On December 20, 2014, Target made known an “unauthorized access” to the credit and debit card data of 40 million customers. Now the retailer admits that the breach compromised as many as 70 million individuals.
Target’s earlier announcement disclosed an unlawful acquisition of credit and debit card information, which includes customers’ names, PIN data, and three-digit security codes. However, now the corporate giant concedes that thieves stole customers’ names, mailing addresses, and e-mail addresses as well. The data breach impacts individuals who shopped at Target in the United States between November 27 and December 15, 2014.
As a solution, Target promises to offer free credit monitoring and identity theft protection to all “guests.” The press release is as follows:
Target Provides Update on Data Breach and Financial Performance
Company extends credit monitoring and identity theft protection to all guests
MINNEAPOLIS — January 10, 2014
Target today announced updates on its continuing investigation into the recent data breach and its expected fourth quarter financial performance.
As part of Target’s ongoing forensic investigation, it has been determined that certain guest information — separate from the payment card data previously disclosed — was taken during the data breach.
This theft is not a new breach, but was uncovered as part of the ongoing investigation. At this time, the investigation has determined that the stolen information includes names, mailing addresses, phone numbers or email addresses for up to 70 million individuals.
Much of this data is partial in nature, but in cases where Target has an email address, the Company will attempt to contact affected guests. This communication will be informational, including tips to guard against consumer scams. Target will not ask those guests to provide any personal information as part of that communication. In addition, guests can find the tips on our website.
“I know that it is frustrating for our guests to learn that this information was taken and we are truly sorry they are having to endure this,” said Gregg Steinhafel, chairman, president and chief executive officer, Target. “I also want our guests to know that understanding and sharing the facts related to this incident is important to me and the entire Target team.”
Guests will have zero liability for the cost of any fraudulent charges arising from the breach. To provide further peace of mind, Target is offering one year of free credit monitoring and identity theft protection to all guests who shopped our U.S. stores. Guests will have three months to enroll in the program. Additional details will be shared next week. To learn more, please go to target.com/databreach.