Gannett News Service
January 16, 2014
The massive data breach at Target over the holiday season is potentially much worse than the retailer first reported -- as many as 110 million people may have had their identity and financial information compromised, the retailer says.
It remains unclear just how many individuals are affected and how. The company's ongoing investigation found that up to 70 million people had personal information stolen in the breach; in December, Target disclosed that 40 million accounts had been hacked.
The amount of overlap between the two figures -- 70 million and 40 million -- is uncertain. Target averages 30 million customers a week.
The retailer said Friday that "the stolen information includes names, mailing addresses, phone numbers or e-mail addresses for up to 70 million individuals."
"I know that it is frustrating for our guests to learn that this information was taken, and we are truly sorry they are having to endure this," Target CEO Gregg Steinhafel said in a press release.
Along with the encrypted PIN data, Target previously said that data thieves stole customer names, credit and debit card numbers, card expiration dates and the embedded code on the magnetic strip on the back of cards used at Target between Nov. 27 and Dec. 15. The breach occurred after cybercriminals forced their way into Target's data system.
There may be overlap in customers who had both personal identification information stolen as well as credit and debit card data, but Target doesn't know to what extent, says spokeswoman Molly Snyder.
News of the additional stolen data brings the total number of potential customers affected up to 110 million. It also may increase the threat of identity theft, says Greg McBride, senior financial analyst at Bankrate.com.
"For somebody to actually go out and open credit in your name, it's pretty tough to do if they don't have your Social (Security number)," he says. "But if they have your Social and have all this other stuff too, it compounds the problem."
Customers involved are also at greater risk of being targeted by e-mail scams, he says.
To give "peace of mind," the Minneapolis-based retailer will offer free credit monitoring and identity theft protection to all its customers, with an opportunity to enroll over the next three months.
Target shares were down 1.2% to $62.56 in afternoon trading.
For Target customers who had their information stolen, the incident has meant hours spent speaking with banking customer service representatives, having to close accounts, be issued new credit and debit cards -- and update online accounts with the new information -- and file identity theft reports.
Karen Raper, 46, from Lula, GA, spent two hours talking to her bank on Christmas Eve after it notified her of suspicious activity showing up on her account from Ohio. Raper had shopped at Target on Black Friday, buying a camera for her daughter. Fifth Third Bank closed her account, will refund her the $300 that was charged and issue her a new card. But Raper says she's reluctant to head back to Target.
Kim Thompson, 39, says the situation makes her "angry, frustrated and concerned." Thompson, from Memphis, used her debit card to purchase groceries at Target at the beginning of December. She says she'll continue to shop there because it's convenient, but that she'll only use cash.
"This is a lesson to just sort of all of us to be constantly monitoring your accounts for unauthorized transactions," McBride says. "Because you have no liability as long as you report that to your financial institution."
Others are put off by a seeming lack of communication from Target. Those interviewed by USA TODAY say the first time they heard their information was compromised was, in most cases, from their bank, not the retailer.
"If Target does anything, it just seems like I have to either look it up or hear about it secondhand," says Jackie Chavez, 40.
Chavez, from El Paso, shopped at Target on Black Friday and found out after Christmas from her bank that there was suspicious activity on her account.
Target e-mailed customers it thought were affected, and for whom it had e-mail addresses, in the days after the breach was first announced Dec. 19. Snyder says that amounted to "millions of e-mails." It will do the same for the additional customers it's now found to be involved. The company also created a dedicated page on its website for the data breach, including resources about identity theft and credit reports.
The most recent announcement about the breach comes amid news of an unsuccessful holiday season for retailers and follows other disappointments at Target. Target lowered its fourth-quarter guidance Friday, expecting a comparable store sales decline of 2.5%. It previously said sales would be flat.
Target also revealed at the end of December that some gift cards sold during the holidays weren't fully activated, but that it would still honor the faulty cards.
The retailer will close eight stores in May. The stores are in West Dundee, IL; Las Vegas; North Las Vegas; Duluth, GA; Memphis; Orange Park, FL; Middletown, OH; and Trotwood, OH.