Separate info on 70M stolen in Target breach

Share this article:
The PII of up to 70 million individuals was also stolen, according to a Friday statement by Target.
The PII of up to 70 million individuals was also stolen, according to a Friday statement by Target.

As part of the ongoing Target investigation – which began when 40 million credit and debit cards, CVV numbers and encrypted PIN codes were stolen following a roughly three-week attack on the retailer's point-of-sale (POS) devices – authorities have now uncovered an entirely different set of data that was taken during the breach.

The names, mailing addresses, phone numbers and email addresses of up to 70 million individuals was also stolen, according to a Friday statement by Target. While much of the information is “partial in nature,” Target will attempt to contact individuals whose email addresses are on file.

“I know that it is frustrating for our guests to learn that this information was taken and we are truly sorry they are having to endure this,” Gregg Steinhafel, chairman, president and chief executive officer of Target, said in the release.

In a bid to help out, Target is offering zero liability to individuals who experience fraudulent charges as a result of the breach. The retail giant is also extending one year of free credit monitoring and identity theft protection services to all affected consumers, which is fairly standard in data breach incidents, but there is currently no information on how to enroll in that program.

Target is unable to estimate any costs associated with the breach, according to the release, which may include, “liabilities to payment card networks for reimbursements of credit card fraud and card reissuance costs, liabilities related to REDcard fraud and card re-issuance, liabilities from civil litigation, governmental investigations and enforcement proceedings, expenses for legal, investigative and consulting fees, and incremental expenses and capital investments for remediation activities.”

Target also announced in the statement that after reviewing the financial performance of eight stores, those locations would be closing in the U.S. on May 3.

UPDATE: In response to an SCMagazine.com request for clarification regarding the amount of people impacted and the data that was compromised, Joshua Carter, public relations manager at Target, said, “This theft is not a new breach; these are two distinct thefts as part of the same breach and this development was uncovered in the course of the ongoing investigation. The 70 million guests impacted by this new development are separate from the 40 million number that was previously shared.”

UPDATE 2: On Jan. 13, Target announced that customers can begin enrolling for free credit monitoring services.

Share this article:

Sign up to our newsletters

More in News

Brazilian president signs internet 'Bill of Rights' into law

Brazilian president signs internet 'Bill of Rights' into ...

President Dilma Rousseff signed the legislation on Wednesday at the NetMundial conference in Sao Paulo.

Android trojan sends premium SMS messages, targets U.S. users for first time

Android trojan sends premium SMS messages, targets U.S. ...

An SMS trojan for Android, known as FakeInst, has been observed sending premium SMS messages to users all over the world, including, for the first time, the United States.

Report: DDoS up in Q4 2013, vulnerability scanners leveraged to exploit sites

Report: DDoS up in Q4 2013, vulnerability scanners ...

Researchers observed 346 DDoS attacks in the final quarter of 2013 and attackers used Vega and Skipfish vulnerability scanners to exploit web flaws at financial companies.