Target has issued an update on the recent data breach that affected holiday shoppers saying up to 70 million names, mailing addresses, phone numbers or email addresses were stolen as part of the hack. Previously, the company had estimated around 40 million credit and debit card accounts – including expiration dates, security codes and PIN codes – were breached between November 27 and December 15.
The latest disclosure doesn't represent a new breach but rather new information revealed as part of the ongoing investigation. The company noted that the stolen data is "partial in nature" and that it could affect its past shoppers too, not just those who have visited the store recently. Target says it will attempt to contact everyone whose email address has been compromised to warn them of possible scam emails heading their way.
In a prepared statement, CEO Gregg Steinhafel said they are "truly sorry" that customers are having to endure the effects of the hack, and announced a handful of measures to help soften the blow.
Among them the company is promising zero liability for the cost of any fraudulent charges arising from the breach. In addition, to provide further peace of mind, Target is offering one year of free credit monitoring and identity theft protection to all guests who shopped at their U.S. stores, provided they enroll in the next 3 months.
The company says it will share more details in the coming weeks and has setup a dedicated page at target.com/databreach, and an FAQ with key information about the breach and tips to stay safe.