Target disclosed today that personal information on some 70 million customers including names, addresses, emails and phone numbers was stolen. This is in addition to the 40 million customers whose credit and debit card information was breached.
“I know that it is frustrating for our guests to learn that this information was taken and we are truly sorry they are having to endure this,” Gregg Steinhafel, chairman, president and chief executive officer of Target was quoted as saying in a statement. “I also want our guests to know that understanding and sharing the facts related to this incident is important to me and the entire Target team.”
Target stated that this was not a new breach but was discovered as part of the ongoing investigation into the earlier credit card and debit card breach, which occurred from November 27 to December 15.
“As part of Target’s ongoing forensic investigation, it has been determined that certain guest information — separate from the payment card data previously disclosed — was taken during the data breach,” the Target statement said.
Vendors and security experts were quick to respond to Target’s latest revelations.
“Target is not the first company to have restated the scope and impact of a breach. Restatements, like Target’s as well as Adobe before them, demonstrate how hard it can be to put the pieces back together after they’ve fallen apart,” Nathaniel Couper-Noles, principal security consultant at Neohapsis said in a statement.
Eric Chiu, president & co-founder of HyTrust commented: “This new information from Target underscores the massive impact this breach will have on its customers, ranging from unauthorized credit card transactions and spear phishing attacks to identity theft.
Target reiterated that customers will not be held liable as a result of fraudulent charges and said in an effort to provide further peace of mind it was offering one year of free credit monitoring and identity theft to all its guests who shopped their US stores.
In addition, Target announced that it would be closing eight US store on May 3, 2014 after “careful consideration of each location’s financial performance.”
It said that sales were “meaningfully weaker-then-expected” since the first announcement on the breach.