Target Corp. said Friday that the massive data breach the company suffered during the first three weeks of the holiday shopping season exposed information of 70 million customers.
In a statement on its website, the Minneapolis-based retailer said its ongoing forensic investigation into the data breach had determined that in addition to the customer payment card data it disclosed earlier had been taken, customer names, mailing addresses, phone numbers and email addresses were also taken.
Target first acknowledged the breach on Dec. 19, and revealed on Dec. 27 that its forensic investigation had found that the information hackers collected from Nov. 27 to Dec. 15 included encrypted PIN data embedded in users' cards. The data breach initially was estimated to have affected 40 million customers.
In its statement Friday, Target said it would attempt to contact affected customers.
“This communication will be informational, including tips to guard against consumer scams,” the company statement said, noting that it is also providing consumer tips on its website.
Target’s Friday statement said its customers will have no liability for fraudulent charges resulting from the data breach. It also said it will provide additional details next week of its plan to offer one year of free credit monitoring and identity theft protection to everyone who shopped in its U.S. stores.
In its statement, Target also reduced its fourth-quarter earnings estimate. Among reasons the company cited for the adjustment was “meaningfully weaker-than-expected sales” since the initial data breach announcement. It added, though, that sales “have shown meaningful improvement in the last several days.”
At this time, “the company is not able to estimate the costs, or a range of costs, related to the data breach,” Target said in the statement. “Costs may include liabilities to payment card networks for reimbursements of credit card fraud and card reissuance costs; liabilities related to REDcard (Target’s credit card) fraud and card reissuance’ liabilities from civil litigation, governmental investigations and enforcement proceedings; expenses for legal, investigative and consulting fees; and incremental expenses and capital investments for remediation activities.”