Target says data breach hit up to 110 mn customers (Update 2)

Jan 10, 2014

Giant US retailer Target said Friday that up to 110 million customers have had their personal data stolen in a data breach, sharply raising its initial estimate.

The number of people affected represented one in three Americans, and the scope of the information stolen was much broader than originally thought, Target admitted.

Target initially reported on December 19 that payment card data of some 40 million customers had been obtained by hackers during the year-end holiday shopping season.

The stolen information included credit and debit card data, customer names and PIN (personal identification data) numbers.

On Friday, Target said that its investigation had revealed that hackers also stole a second batch of data that included names, mailing addresses, phone numbers or email addresses for up to 70 million people.

"This theft is not a new breach; these are two distinct thefts as part of the same breach," a Target spokesman told AFP.

"The 70 million guests impacted by this new development are separate from the 40 million number that was previously shared."

Target chief executive Gregg Steinhafel said the company was "truly sorry" for the data breach.

Target said consumers would have "zero liability" due to any fraudulent charges arising from the theft. It offered one year of free credit monitoring protection.

Target is cooperating with an investigation led by the Justice Department and Secret Service. A group of state attorneys general have launched a parallel investigation aimed at protecting victims.

New York Attorney General Eric Schneiderman called the new disclosure "deeply troubling."

"Consumers in New York and around the country expect and deserve companies that protect their personal information when they shop on their websites and in their stores," Schneiderman said in a statement.

Target said the news of the data theft, which came at the peak of the Christmas shopping season, impacted sales in its stores.

It said it now expects fourth-quarter comparable store sales to decline 2.5 percent from its prior forecast of flat sales.

The company said it may need to take a charge for expenses related to the data breach to cover potential costs, including reimbursements for credit card fraud, liabilities from civil litigation, government investigations and enforcement proceedings.

Target shares shed 1.1 percent to $62.62 on Friday.

Explore further: Target: 40M card accounts may be breached (Update 2)

add to favorites email to friend print save as pdf

Related Stories

Target: Customers' encrypted PINs were stolen

Dec 27, 2013

Target said Friday that debit card PIN numbers were among the financial information stolen from millions of U.S. customers who shopped at the retailer earlier this month.

Recommended for you

Facebook dressed down over 'real names' policy

Sep 17, 2014

Facebook says it temporarily restored hundreds of deleted profiles of self-described drag queens and others, but declined to change a policy requiring account holders to use their real names rather than drag names such as ...

Yelp to pay US fine for child privacy violation

Sep 17, 2014

Online ratings operator Yelp agreed to pay $450,000 to settle US charges that it illegally collected data on children, in violation of privacy laws, officials said Wednesday.

User comments : 0