Target's breach numbers worsen
Target on Friday revised the number of customers whose personal information was stolen in a widespread data breach during the holiday season, now reporting a range from 70 million to 110 million people.
The figure represents about a third of all American adults at the low end, and is nearly three times as great as the company’s original estimate at the upper end.
The theft is one of the largest ever of retail data.
Not only did Target’s announcement disclose a vastly expanded universe of victims, but it revealed that the hackers had stolen a broader trove of data than originally reported.
The company now says that other kinds of information were taken, including mailing and email addresses, phone numbers or names, the kind of data routinely collected from customers during interactions like shopping online or volunteering a phone number when using a call center.
On Dec. 19, Target confirmed reports that payment data was stolen from about 40 million customers who shopped in its stores in the United States from Nov. 27 to mid-December.
As its investigation into the theft continued, the company said it had found that an additional quantity of data, collected over time on 70 million people and stored separately from the in-store data, was stolen.
The latest subset of potential victims includes customers who may not have shopped at Target during the holiday period.
Although there is probably some overlap between the two groups, the company said it did not know the extent.
The effect of the data theft has reached far beyond one of the nation’s largest retailers. Major credit card companies and banks have been issuing warnings about potential fraud to their customers and providing them with new cards and account numbers as a precaution. Some banks have limited cash withdrawals.
As banks and companies continue to monitor customers’ accounts for suspicious activity, the Secret Service and the Justice Department have opened an investigation.
“This will impact many Target business partners — Visa, MasterCard and the host of banks and credit agencies that now have to keep an eye on the 110 million customers now vulnerable to identity theft,” said Hemu Nigam, founder of SSP Blue, a security and privacy consultant. “It affects more than Target customers, it affects mortgage lenders and car sales. It affects the entire economic infrastructure.”