January 10, 2014
Additional 70M Target Customers Affected In December Cyber-Attack
Peter Suciu for redOrbit.com - Your Universe Online
Many consumers dread looking at their credit card statements after the holidays, but those who shopped at Target last month will likely want to look at their statements very closely.
“Target’s first priority is preserving the trust of our guests and we have moved swiftly to address this issue, so guests can shop with confidence. We regret any inconvenience this may cause,” said Gregg Steinhafel, chairman, president and chief executive officer, Target, in a corporate statement in December. “We take this matter very seriously and are working with law enforcement to bring those responsible to justice.”
Steinhafel’s apology might need an update.
On Friday, the company announced in a statement that it is “continuing (its) investigation into the recent data breach” and added it determined that “certain guest information – separate from the payment card data previously disclosed – was taken during the data breach.”
This theft the company noted was not a new breach, but was rather uncovered as part of its ongoing investigation into December's data breach. Target announced that the investigation further determined that the stolen information could include names, mailing addresses, phone numbers and/or email addresses for up to 70 million individuals. It appears from online reports that this is in addition to the 40 million customers affected in December!
As reported by CNN, security experts have suggested that customers who had shopped at Target and used either debit or credit cards in the stores between November 27 and December 15 should contact their card issuer to get a new card with a new account number. In addition, customers should change their PIN and also monitor their accounts carefully to watch for questionable purchases.
During December’s cyber-attack customers’ credit card and debit card data may have been stolen, along with the three-digit security code found on the back of the cards.
The Washington Post noted, “The breach highlighted vulnerabilities in the massive, interconnected shopping systems used for billions of dollars of retail transactions every day. Customers at Target’s nearly 1,800 stores in the United States were potentially affected, though those who shopped online were not.”
While Steinhafel apologized back in December following the disclosure of the original breach, he found himself back in crisis management mode on Friday, and issued the following statement:
“I know that it is frustrating for our guests to learn that this information was taken and we are truly sorry they are having to endure this. I also want our guests to know that understanding and sharing the facts related to this incident is important to me and the entire Target team.”
Target also looked to reassure its customers that they will “will have zero liability for the cost of any fraudulent charges arising from the breach. To provide further peace of mind, Target is offering one year of free credit monitoring and identity theft protection to all guests who shopped our U.S. stores. Guests will have three months to enroll in the program.”
Additional details will be provided next week.
On Friday the company also provided an update on its fourth quarter outlook, and saw stronger-than-expected fourth quarter sales prior to the December 19, 2013 announcement of the breach. However, the company reported that it anticipates a fourth quarter 2013 comparable sales decline of approximately 2.5 percent compared with prior guidance of approximately flat comparable sales.