The data breach at Target is much larger than the 40 million customers whose payment data was stolen during the holiday shopping season.
Target’s massive data breach may affect 70 million to 110 million customers, and includes not just people who shopped at Target brick-and-mortar stores but also those who made purchases online.
The stunning figure represents about a third of all American adults at the low end and is nearly three times the company’s original estimate at the upper end. The scope of the theft is now rivaling the largest theft ever of retail data.
As part of Target’s ongoing forensic investigation, it has been determined that certain guest information — separate from the payment card data previously disclosed — was taken during the data breach. This theft is not a new breach, but was uncovered as part of the ongoing investigation. At this time, the investigation has determined that the stolen information includes names, mailing addresses, phone numbers or email addresses for up to 70 million individuals.
Target had earlier acknowledged that the credit or debit card information of 40 million customers who shopped at Target’s U.S. stores between Nov. 27 and Dec. 15 was stolen. (We’ve explained here what to do if you were one of those people.)
Adds the Times, “Although there could be overlap between the two groups of customers, the latest subset of potential victims includes customers who may not have shopped at Target during the holiday period.”
It added about the most recent discovery:
Molly Snyder, a Target spokeswoman, said that the data from customers included information gleaned through the normal course of business — when a person uses a call center and provides a phone number, for example, or volunteers an email address while shopping online.
Ms. Snyder conceded that the number of customers exposed could still grow.
There’s now a higher risk of identity theft for more people, says NBC News:
“They steal and combine what was stolen in previous breaches,” said Avivah Litan, a fraud analyst at technology research company Gartner. “There are warehouses of information on people and dossiers. Now we’ve got John’s credit card, his address, his phone number … they do put it together and sell entire profiles on people.”
None of those affected by the breach will be held liable for any fraudulent charges. And Target says it will offer a year of identity theft protection and credit monitoring services free of charge to all of its customers. Details weren’t available yet, but people will have three months to sign up.
Target said it will contact customers who have an email on file to provide information about protecting themselves from scammers who will use the stolen information. Target will not ask you for personal information when it contacts you, but you can bet that scammers will or will ask you to click on links.
To protect yourself against scams, Target suggests that you:
- Do not share personal information in unsolicited phone calls.
- Do not respond to text messages or open links to Web addresses from unknown sources.
- Do not wire money to people you do not know
- Carefully review your account statements for any indications of fraud.
How do you feel about Target now? Let us know in the comments below or on our Facebook page.