NEW YORK (CBSNewYork/AP) — Target’s pre-Christmas security breach was significantly more extensive and affected millions more shoppers than the company reported last month.
As CBS 2’s Bigad Shaban reported, the nation’s second largest discounter said Friday that hackers stole personal information, including names, phone numbers as well as email and mailing addresses, from as many as 70 million customers as part of a data breach it discovered in December.
Target Corp. disclosed last month that about 40 million credit and debit cards may have been affected by a data breach that happened between Nov. 27 and Dec. 15, just as the holiday shopping season was shifting into high gear.
According to new information gleaned from its investigation with the Secret Service and the Department of Justice, Target said Friday that criminals also took non-credit card related data for some 70 million shoppers who could have made purchases at Target stores outside the late Nov. to mid-Dec. timeframe. Some overlap exists between the two data sets, the company said Friday.
“I know that it is frustrating for our guests to learn that this information was taken and we are truly sorry they are having to endure this,” said Gregg Steinhafel, Target chairman, president and CEO, in a statement.
Attorney General Eric Schneiderman said the new information about the data breach was “deeply troubling.”
“Consumers in New York and around the country expect and deserve companies that protect their personal information when they shop on their websites and in their stores,” he said in a statement Friday. “That is why my office is participating in a national investigation into this breach, why I pressed Target to provide free credit monitoring for the 40 million Target customers identified last month and why I insist it extends the same service to every new victim.”
Target now plans to offer all of it’s shoppers free credit monitoring for a year, Shaban reported.
While Target investors have been largely unmoved, the incident has shaken shoppers.
Rosie Laeiderman, one of the millions targeted in the breach, told Shaban she’s uneasy about the situation.
“It worries me that my name is out there somewhere with all my information. If it wasn’t before, it could be now,” Laeiderman said. “It’s really hard to clear your name when someone uses all your information, and it’s just not a good feeling.”
The company’s stock has traded at about $63 since news of the breach leaked on Dec. 18. It slipped just 67 cents, or 1 percent, to $62.67 in morning trading Friday.
Target revealed on Friday, however, that the breach diminished holiday sales. The company cut its forecast for fourth-quarter earnings, a key sales barometer.
The theft from Target’s databases is still the second largest data breach on record, rivalling an incident uncovered in 2007 that saw more than 90 million credit card accounts pilfered from TJX Cos. Inc.
Target said in December that customers’ names, credit and debit card numbers, card expiration dates, debit-card PINs and the embedded code on the magnetic strip on the back of cards had been stolen.
Target tried to woo scared shoppers back to stores on the last weekend before Christmas with a 10 percent discount on nearly everything in its stores.
But Customer Growth Partners LLC, a retail consultancy, estimated that the number of transactions at Target fell 3 percent to 4 percent on the Saturday before Christmas, compared with a year ago.
“You have violated that person’s trust. And it’s going to take time to regain that trust,” said Brian Sozzi, CEO & Chief Equities Strategist of Belus Capital Advisors.
Target lowered its fourth-quarter adjusted earnings guidance to a range of $1.20 to $1.30 per share, down from $1.50 to $1.60 per share. Analysts surveyed by FactSet expect earnings of $1.24 per share.
The Minneapolis-based company also said that it now foresees fourth-quarter sales at stores open at least a year will be down about 2.5 percent. It previously predicted those sales would be about flat.
This figure is a closely watched indicator of a retailer’s health.
Target cautioned that its fourth-quarter financials may include charges related to the data breach. The chain said the costs tied to the breach may have a material adverse effect on its quarterly results as well as future periods.
The company has 1,921 stores, with 1,797 locations in the U.S. and 124 in Canada.
Check Out These Other Stories From CBSNewYork.com:
- Federal Investigators Seek Answers In Deadly NJ TRANSIT Train Crash In Hoboken
- Commuters Find Alternatives After NJ TRANSIT Train Crash
- NJ TRANSIT Engineer Involved In Deadly Hoboken Train Crash Identified
- Woman Who Died In NJ TRANSIT Crash Recently Moved To Hoboken From Brazil
(TM and © Copyright 2014 CBS Radio Inc. and its relevant subsidiaries. CBS RADIO and EYE Logo TM and Copyright 2014 CBS Broadcasting Inc. Used under license. All Rights Reserved. This material may not be published, broadcast, rewritten, or redistributed. The Associated Press contributed to this report.)