Target revealed Friday that the number of people affected by a massive data breach during last year’s holiday shopping season is nearly double the original estimate, and that additional personal information other than credit or debit card accounts have been stolen.
The big box retailer, one of the largest in the country, said its ongoing forensic investigation discovered that hackers stole personal information for up to 70 million individuals in a scheme that was broader than originally indicated.
Intruders were able to obtain customers’ names, mailing addresses, phone numbers or email addresses, along with credit/debit card information, which was already revealed by Target last month.
The retailer noted in a message on its website that “this is not a new breach,” but was uncovered during its investigation, which also includes law enforcement authorities.
Much of the data is partial in nature, Target said, adding that the company will attempt to contact customers impacted by the breach of its internal payment systems. The correspondence from Target will include tips to guard against consumer scams.
Target Chairman and CEO Gregg Steinhafel acknowledged that the breach is “frustrating” for customers.
“We are truly sorry they are enduring this,” Steinhafel said. “I also want our guests to know that understanding and sharing the facts related to this incident is important to me and the entire Target team.”
New York State Attorney General Eric Schneiderman, whose office is involved in a national investigation into the breach, called the updated number of 70 million victims “deeply troubling.”
“Consumers in New York and around the country expect and deserve companies that protect their personal information when they shop on their websites and in their stores,” he said in a statement.
Affected shoppers have no liability and Target will offer one year of free credit monitoring and identity theft protection to everyone who shopped in its U.S. stores, the company said. Customers have three months to enroll in the program.
The breach occurred during the busiest time of the year for retailers. Hackers accessed Target’s systems between Nov. 27 and Dec. 15. The company made shoppers aware only after news of the hack leaked on the web.
Long Island is home to 14 Target stores, four in Nassau County—Hicksville, Levittwon, Valley Stream, Westbury—and 10 in Suffolk—Bay Shore, Central Islip, two in Commack, Copiague, Farmingdale, Huntington Station, Medford, Riverhead, South Setauket.
Target said it will provide another update next week.