As part of the ongoing Target investigation – which began when 40 million credit and debit cards, CVV numbers and encrypted PIN codes were stolen following a roughly three-week attack on the retailer's point-of-sale (POS) devices – authorities have now uncovered an entirely different set of data that was taken during the breach.
The names, mailing addresses, phone numbers and email addresses of up to 70 million individuals was also stolen, according to a Friday statement by Target. While much of the information is “partial in nature,” Target will attempt to contact individuals whose email addresses are on file.
“I know that it is frustrating for our guests to learn that this information was taken and we are truly sorry they are having to endure this,” Gregg Steinhafel, chairman, president and chief executive officer of Target, said in the release.
In a bid to help out, Target is offering zero liability to individuals who experience fraudulent charges as a result of the breach. The retail giant is also extending one year of free credit monitoring and identity theft protection services to all affected consumers, which is fairly standard in data breach incidents, but there is currently no information on how to enroll in that program.
Target is unable to estimate any costs associated with the breach, according to the release, which may include, “liabilities to payment card networks for reimbursements of credit card fraud and card reissuance costs, liabilities related to REDcard fraud and card re-issuance, liabilities from civil litigation, governmental investigations and enforcement proceedings, expenses for legal, investigative and consulting fees, and incremental expenses and capital investments for remediation activities.”
Target also announced in the statement that after reviewing the financial performance of eight stores, those locations would be closing in the U.S. on May 3.
UPDATE: In response to an SCMagazine.com request for clarification regarding the amount of people impacted and the data that was compromised, Joshua Carter, public relations manager at Target, said, “This theft is not a new breach; these are two distinct thefts as part of the same breach and this development was uncovered in the course of the ongoing investigation. The 70 million guests impacted by this new development are separate from the 40 million number that was previously shared.”
UPDATE 2: On Jan. 13, Target announced that customers can begin enrolling for free credit monitoring services.