Target says hacking hit 70 million customers

Posted at 9:23 AM, Jan 10, 2014
and last updated 2014-01-10 09:35:57-05

NEW YORK (CNNMoney) – The data breach at Target was significantly broader than originally reported: The company said Friday that 70 million customers had information such as their name, address, phone number and e-mail address hacked in the breach.

The company had previously said 40 million shoppers had their credit and debit card information stolen in the weeks following Thanksgiving.

Target said the hacking is not a new breach, but that it was discovered as part of the investigation into the theft of card information. The estimate of 70 million customers who had information stolen is in addition to the 40 million who had card information stolen, although there can be overlap between the two groups.

Target said some of the information stolen was partial in nature. It said it would try to reach customers for whom it has e-mail addresses to inform them of the breach. It cautioned that it would not be asking customers to provide information and warned customers not to provide additional personal information in response to any e-mail claiming to be from Target.

“I know that it is frustrating for our guests to learn that this information was taken and we are truly sorry they are having to endure this,” said Target CEO Gregg Steinhafel.

Customers will have zero liability for the cost of any fraudulent charges arising from the breach. Target is also offering one year of free credit monitoring and identity theft protection to all customers who shopped in U.S. stores. They will have three months to enroll in the program. More information on that offer will be available next week.

Experts suggest that customers who used debit or credit cards at Target between Nov. 27 and Dec. 15 should contact their card issuer and get a new card with a new account number. They should also change their PIN. And they should monitor their account carefully for any questionable purchases.

The hacking of other personal information won’t necessarily allow thieves access to customers’ bank or credit card accounts. But it does put them at greater risk for identity theft. They should be be more alert to the possibility of scam e-mails or text messages, especially those that ask for personal information. But there is also a risk that thieves can use the information to try to create new accounts in a customers name. So using the credit monitoring and identity theft protection service is therefore a good idea.

Target also said Friday that sales had been stronger than expected, but fell sharply after the hacking news. Target warned that sales and profits for the current quarter would be lower than expected because of that loss of consumer confidence.