Target Breach: 70 Million Affected

Attack Compromised E-Mail Addresses, Other PII
Target Breach: 70 Million Affected

The scope of the Target Corp. breach continues to grow. In a quarterly earnings statement issued Jan. 10, the retailer notes that in addition to the 40 million credit and debit numbers that were likely exposed, so was information such as names, mailing addresses, phone numbers and e-mail addresses for up to 70 million individuals.

See Also: How to Hunt Threats Like Elite Defenders with Open NDR + MITRE ATT&CK®

"I know that it is frustrating for our guests to learn that this information was taken and we are truly sorry they are having to endure this," said Gregg Steinhafel, Target's chairman, president and chief executive officer. "I also want our guests to know that understanding and sharing the facts related to this incident is important to me and the entire Target team."

The likely exposure of the additional data was discovered during the company's forensics investigation of the breach.

"Much of this data is partial in nature," Target states. "The company will attempt to contact affected guests. This communication will be informational, including tips to guard against consumer scams. Target will not ask those guests to provide any personal information as part of that communication."

The statement from Target does not reveal how the additional data was exposed or accessed during the breach.

Free Credit Monitoring

Target also reiterates that its customers will not be liable for any fraudulent charges that result from breached data. The retailer is offering one year of free credit monitoring and identity theft protection "to all Target guests who shopped our U.S. stores," according to the statement. Target customers will have three months to enroll in the program, the retailer says.

"In light of the recent data breach, our top priority is taking care of our guests and helping them feel confident in shopping at Target," says John Mulligan, Target's executive vice president and chief financial officer.

How much this breach will ultimately cost Target remains to be seen, Mulligan adds. Costs related to the data breach may include liabilities to payment card networks for card fraud and card reissuance expenses; liabilities related to REDcard fraud and card re-issuance; liabilities from civil litigation, governmental investigations and enforcement proceedings; expenses for legal, investigative and consulting fees; and incremental expenses and capital investments for remediation activities. These costs may have an adverse effect on Target's fourth quarter and future earnings, he says.

About the Author

Tracy Kitten

Tracy Kitten

Former Director of Global Events Content and Executive Editor, BankInfoSecurity & CUInfoSecurity

Kitten was director of global events content and an executive editor at ISMG. A veteran journalist with more than 20 years of experience, she covered the financial sector for over 10 years. Before joining Information Security Media Group in 2010, she covered the financial self-service industry as the senior editor of ATMmarketplace, part of Networld Media. Kitten has been a regular speaker at domestic and international conferences, and was the keynote at ATMIA's U.S. and Canadian conferences in 2009. She has been quoted by, ABC News, and MSN Money.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.