NEW YORK – Target disclosed Friday that its massive pre-Christmas security breach was significantly more extensive than earlier reports, and that 70 million shoppers may have been affected by the data theft.
As a result of the breach, millions of Target customers have become vulnerable to identity theft, experts say.
The nation’s second-largest discounter said hackers stole personal information – including names, phone numbers as well as email and mailing addresses – from as many as 70 million customers as part of a data breach it discovered last month.
Target announced Dec. 19 that 40 million credit and debit card accounts had been affected by a data breach that occurred between Nov. 27 and Dec. 15 – just as the holiday shopping season was getting into gear. As part of that announcement, the company said customers’ names, credit and debit card numbers, card expiration dates, debit-card PINs and the embedded code on the magnetic strip on the back of cards had been stolen.
According to new information gleaned from its investigation with the Secret Service and the Department of Justice, Target said Friday that criminals also took non-credit card-related data for 70 million shoppers who could have made purchases at Target stores outside the late-November-to-mid-December time frame.
Some overlap exists between the two data sets, the company said Friday. That means that more than 70 million people may have had their data stolen.
The latest developments come as Target said that just this week it was starting to see sales recover from the crisis. The company, however, cut its earnings outlook for the quarter that covers the crucial holiday season and warned that sales would be down for the crucial period.
But with the latest news, some analysts believe the breach could be a financial drag on the company for several more quarters.
Target is in a critical situation with consumers because its credibility and brand loyalty are being questioned, said David Johnson, CEO of Strategic Vision LLC, which specializes in crisis communications. Right now, investors think Target can weather the storm. But the longer it gets worse, the worse it is for Target.
The theft from Target’s databases could potentially be the largest data breach on record, surpassing a breach uncovered in 2007 that saw more than 90 million credit card accounts pilfered from TJX Cos.
Target investors have been largely unmoved by the company’s disclosures. Its stock has traded near $63 since news of the breach leaked Dec. 18.
But some observers believe the stock could get battered if consumers stay away from Target stores. Several Wall Street analysts downgraded their earnings forecasts for the retailer Friday.
Target tried to woo scared shoppers back to stores on the last weekend before Christmas with a 10 percent discount on nearly everything in its stores. Target is also offering a year of free credit monitoring and identity theft protection to customers that shopped at its stores.
Still, some experts believe the company should do more. Johnson of Strategic Vision says Target needs to rebuild shoppers’ trust. He believes Target needs to air TV commercials assuring them that it’s safe to shop in its stores. It also should offer more incentives like deeper discounts to woo consumers, Johnson said.
The company has 1,921 stores, with 1,797 locations in the U.S. and 124 in Canada.