The data breach at Target
that resulted in millions of customer credit and debit card data being compromised is much worse than initially thought. Target had revealed last month
that as many as 40 million payment card accounts may have been impacted between November 27 and December 15, 2013, but the retail giant has since discovered that a second batch of data was also stolen. That batch includes names, mailing addresses, phone numbers, or email addresses for up to 70 million additional customers, bringing the tally to 110 million.
The additional data is not part of a new breach, but was uncovered as part of an ongoing investigation into the original incident that occurred right in the midst of the holiday shopping season.
"I know that it is frustrating for our guests to learn that this information was taken and we are truly sorry they are having to endure this," said Gregg Steinhafel, chairman, president and chief executive officer, Target. "I also want our guests to know that understanding and sharing the facts related to this incident is important to me and the entire Target team."
Target reiterated that its customers will not be liable for any fraudulent charges arising from the breach. In addition, Target is offering affected customers one year of free credit monitoring and identity theft protection.
The retail chain also lowered its sales forecast as a result of the data breach. Target says it expects a sales decline of 2 percent to 6 percent due to "meaningfully weaker-than-expected sales since the announcement."