Retailer Target has announced that the breach affecting the company was even bigger than thought – and 70 million credit card details may have leaked.
Other information about Target’s customers may also have been stolen, the company admitted in an official statement.
“As part of Target’s ongoing forensic investigation, it has been determined that certain guest information — separate from the payment card data previously disclosed — was taken during the data breach,” the company said.
The company said in its statement that customers would have “zero liability” for charges to their cards. An in-depth We Live Security guide to how to minimize risks if you are one of the potential victims
“This theft is not a new breach, but was uncovered as part of the ongoing investigation. At this time, the investigation has determined that the stolen information includes names, mailing addresses, phone numbers or email addresses for up to 70 million individuals.”
“I know that it is frustrating for our guests to learn that this information was taken and we are truly sorry they are having to endure this,” said Gregg Steinhafel, chairman, president and chief executive officer, Target. “I also want our guests to know that understanding and sharing the facts related to this incident is important to me and the entire Target team.”
Details of 40 million customer debit and credit cards may have leaked in a data breach at Target – which began on November 27 and ended on December 15.
“Approximately 40 million credit and debit card accounts may have been impacted between Nov. 27 and Dec. 15, 2013,” the retailer said in a statement.
“Target alerted authorities and financial institutions immediately after it was made aware of the unauthorized access, and is putting all appropriate resources behind these efforts. Among other actions, Target is partnering with a leading third-party forensics firm to conduct a thorough investigation of the incident.”
The story initially broke via security expert Brian Krebs’ site, Krebs on Security, leaked to him via officials at 10 credit card issuers.
According to ABC News, the U.S. secret service is currently investigating, but declined to provide further details. The report said that the attack hit the height of the shopping season, and described it as “one of the largest data breaches of all time”.
“The type of data stolen — also known as “track data” — allows crooks to create counterfeit cards by encoding the information onto any card with a magnetic stripe. If the thieves also were able to intercept PIN data for debit transactions, they would theoretically be able to reproduce stolen debit cards and use them to withdraw cash from ATMs,” Krebs said.
Author Rob Waugh, We Live Security