X

Yikes! Target's data breach now could affect 110M people

The retailer now says that information taken in December's security lapse includes names, phone numbers, and postal and e-mail addresses, and could affect up to one-third of the US population.

Don Reisinger
CNET contributor Don Reisinger is a technology columnist who has covered everything from HDTVs to computers to Flowbee Haircut Systems. Besides his work with CNET, Don's work has been featured in a variety of other publications including PC World and a host of Ziff-Davis publications.
Don Reisinger
2 min read
Target

Target's data breach is much broader than once believed.

The nationwide retailer on Friday announced that personal information on as many as 70 million additional customers was stolen as part of the company's payment card data breach. The information stolen includes names, mailing addresses, phone numbers, and e-mail addresses, the company said.

While Target spokesperson Molly Snyder said that there could be some overlap with the approximately 40 million people first said to be affected by the breach in December, the new total of people impacted by the breach could be as high as 110 million.

"I know that it is frustrating for our guests to learn that this information was taken and we are truly sorry they are having to endure this," Gregg Steinhafel, chairman, president and chief executive officer at Target, said in a statement. "I also want our guests to know that understanding and sharing the facts related to this incident is important to me and the entire Target team."

Friday's news is the latest blow to Target, which in December revealed that hackers had stolen approximately 40 million credit and debit card numbers. Target said at the time that it believed the data stolen came from transactions made between November 27 and December 15.

Not surprisingly, hackers moved quickly to take advantage of the stolen information and put the information on the black market. According to reports, following the Target breach there was a "ten-to-twentyfold increase" in stolen cards available on underground markets.

Target, which has nearly 1,800 stores in the US, said Friday that affected customers will suffer no liability for any fraudulent charges. The company will also offer one free year of credit monitoring and identity theft protection.

One other note from Target: the company was forced to lower its fourth-quarter sales forecast, saying that it experienced "meaningfully weaker-than-expected sales" following the data-breach announcement.

CNET Senior Writer Seth Rosenblatt contributed to this report.

Update at 11:48 a.m. Added Target's revised upward estimate of customers potentially affected. The story was originally posted at 5:50 a.m. PT.