DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Target update: 70 million MORE customers affected by breach (Update)

Posted on January 10, 2014 by Dissent

From their press release of today:

MINNEAPOLIS — January 10, 2014

Target today announced updates on its continuing investigation into the recent data breach and its expected fourth quarter financial performance.

As part of Target’s ongoing forensic investigation, it has been determined that certain guest information — separate from the payment card data previously disclosed — was taken during the data breach.

This theft is not a new breach, but was uncovered as part of the ongoing investigation. At this time, the investigation has determined that the stolen information includes names, mailing addresses, phone numbers or email addresses for up to 70 million individuals.

Much of this data is partial in nature, but in cases where Target has an email address, the Company will attempt to contact affected guests.  This communication will be informational, including tips to guard against consumer scams. Target will not ask those guests to provide any personal information as part of that communication. In addition, guests can find the tips on our website.

“I know that it is frustrating for our guests to learn that this information was taken and we are truly sorry they are having to endure this,” said Gregg Steinhafel, chairman, president and chief executive officer, Target. “I also want our guests to know that understanding and sharing the facts related to this incident is important to me and the entire Target team.”

Guests will have zero liability for the cost of any fraudulent charges arising from the breach. To provide further peace of mind, Target is offering one year of free credit monitoring and identity theft protection to all guests who shopped our U.S. stores. Guests will have three months to enroll in the program. Additional details will be shared next week. To learn more, please go to target.com/databreach.

You can read the full press release, with Fourth Quarter outlook and other investor-related information here.

Update: I contacted Target to clarify whether these 70 million customers were in addition to the 40 million previously known, or if 70 million was the new total. A Target spokesperson confirmed to me that these are 70 million other customers. So although their credit card information does not seem to have been involved, the total number of customers affected seems to be 110 million – although I wouldn’t be surprised if they eventually report that there’s overlap between these two sets of breach victims.

Related posts:

  • Noodles and Company confirms payment card breach
  • Marriott says data breach compromised info of up to 500 million guests
Category: Breach IncidentsBusiness SectorHackID TheftOf NoteU.S.

Post navigation

← GA: Phoebe Putney Hospital notifies 6,777 patients about stolen computer
NY Court of Appeals rules employer not liable for actions of employee acting outside scope of employment →

1 thought on “Target update: 70 million MORE customers affected by breach (Update)”

  1. IA Eng says:
    January 10, 2014 at 10:10 am

    With the sheer amount of data that comes from this breach, its highly improbable that a year of credit monitoring is enough. A year is trivial; it may take a few years for crooks to sift through this “treasure trove” of breached info.

    That email list alone is worth alot on the underground. Its fresh new and creates the potential for the crooks to update their spam and phishing lists.

    What really bothers me about all of these breaches is, that there never seems to be enough detailed information of how the hackers got in. There are always generic statements, and honestly one never knows what the truth is. If Target follwed the rest of the medium to large businesses and use a specific set of web servers and software, it could well be the culprit.

    Seeing all the hacks that happened around them, its hard to say if they took any precautionary steps or acted proactively in the security arena. Requiring staff members to change passwords every 120 days or so is one simple step. Another is to ensure the server farm is not using the same username and passwords on all of them.

    Steps can be taken to mitigate some of the potential attacks on businesses. Pay the price for the consultants to come in and offer guidance before a potential attack occurs. Or, if there is a security enterprise team of 4-6 individulas that scan the systems and networks for potential issues it may save face, reputation and some of their most coveted bottom line – Money.

    Too late now. All they are going to do is pull their pants back up, shrug and say “we were a victim too”. Instead of saying we were proactive and thinking about our customers security and privacy. Greed, lax security posture, lethargic due dilligence and ignoring the prudent man rule – not to mention the fact that they put a “Target” on one’s back, will get you in trouble most times.

Comments are closed.

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Hacker helped kill FBI sources, witnesses in El Chapo case, according to watchdog report
  • Texas Centers for Infectious Disease Associates Notifies Individuals of Data Breach in 2024
  • Battlefords Union Hospitals notifies patients of employee snooping in their records
  • Alert: Scattered Spider has added North American airline and transportation organizations to their target list
  • Northern Light Health patients affected by security incident at Compumedics; 10 healthcare entities affected
  • Privacy commissioner reviewing reported Ontario Health atHome data breach
  • CMS warns Medicare providers of fraud scheme
  • Ex-student charged with wave of cyber attacks on Sydney uni
  • Detaining Hackers Before the Crime? Tamil Nadu’s Supreme Court Approves Preventive Custody for Cyber Offenders
  • Potential Cyberattack Scrambles Columbia University Computer Systems

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • Hacker helped kill FBI sources, witnesses in El Chapo case, according to watchdog report
  • Germany Wants Apple, Google to Remove DeepSeek From Their App Stores
  • Supreme Court upholds Texas law requiring age verification on porn sites
  • Justices nix Medicaid ‘right’ to choose doctor, defunding Planned Parenthood in South Carolina
  • European Commission publishes its plan to enable more effective law enforcement access to data
  • Sacred Secrets: The Biblical Case for Privacy and Data Protection
  • Microsoft’s Departing Privacy Chief Calls for Regulator Outreach

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.