A Target spokesperson announced January 10 that, in addition to the original 40 million customers hit by hackers, the personal information of as many as 70 million people, including names, addresses, emails and phone numbers, was also stolen between late November and early December.
Target first reported that the breach occurred between November 27and December 15, 2013 on the terminals where customers swiped credit and debit cards. As well, Target announced the only information hacked was stored in the magnetic strips on the back of customers' cards. But one week later Target said encrypted PIN data had also been obtained. Now it believes a larger breach occurred elsewhere in its customer infrastructure and that a marketing database was breached , not just its financial database as first believed. This means that names, mailing addresses, telephone numbers and email addresses were taken. Further, some victims didn’t even shop at Target during that time.
READ MORE Data Breach LEGAL NEWS
In an interview with The Times, Gregg Steinhafel, Target's chief executive said, "I know that it is frustrating for our guests to learn that this information was taken, and we are truly sorry they are having to endure this… I also want our guests to know that understanding and sharing the facts related to this incident is important to me and the entire Target team."