updated 01:27 pm EST, Fri January 10, 2014
Partial names, postal addresses, phone numbers taken
Target has revealed that the data breach affected far more than initially thought, with as many as 70 million account records taken in the hacking. Aside from revealing a far higher figure than the 40 million accounts believed to have been taken, the retailer has promised that those affected "will have zero liability for the cost of any fraudulent charges arising from the breach."
Initial reports about the attack stated that the data taken included credit and debit card information on transactions between November 29th and December 15th in stores, with the retailer confirming on December 27th that "strongly encrypted PIN data" was taken as well. Under the same intrusion, it believes that names, mailing addresses, phone numbers and e-mail addresses of customers were also taken along with the payment data, and while it advises that some of this data was "partial in nature," it is not clear if the payment data and the account details were linked at all.
"I know that it is frustrating for our guests to learn that this information was taken and we are truly sorry they are having to endure this," said chairman, president, and CEO of Target Gregg Steinhafel. "I also want our guests to know that understanding and sharing the facts related to this incident is important to me and the entire Target team."
In terms of helping those affected, Target is offering one year of free credit monitoring and identity theft protection to all customers that shopped at its US stores. While more details about the protection will be supplied next week, the retailer advises that customers will have three months to enroll in the program.