The data breach that exposed the credit and debit card accounts of millions of Target shoppers caused more damage than first thought, the discount retailer said today.
Target said in a statement that up to 70 million customers were affected by the breach last month. The company had originally reported that 40 million individuals were affected.
The Minneapolis-based retailer also noted that thieves swiped more information than had been previously disclosed. Not only did they get their hands on customer names, account numbers, security codes and expiration dates from the magnetic strips on the backs of credit and debit cards, but thieves also stole mailing addresses, email addresses and phone numbers.
Target confirmed to ABC News this morning that the additional personal information discovered stolen in the pre-Christmas breach “was obtained through the normal course of Target’s business,” which is to say both in-store and online. Until now, the company had said the breach only affected those who shopped in its stores between Nov. 27 and Dec. 15.
“I know that it is frustrating for our guests to learn that this information was taken and we are truly sorry they are having to endure this,” Target CEO Gregg Steinhafel said in the statement. “I also want our guests to know that understanding and sharing the facts related to this incident is important to me and the entire Target team.”
Target, the second-largest U.S. discount retailer, after Walmart, said customers “will have zero liability for the cost of any fraudulent charges arising from the breach.”
The retailer is also offering credit monitoring and identity-theft protection free of charge for a year to those who shopped at its U.S. stores. Company officials say they will provide specific instructions next week about how to enroll.
ABC News’ Aaron Katersky contributed to this report.