Target's data breach: It gets worse

Target said names, email addresses and other data was stolen and could affect up to 70 million customers. This disclosure comes on top of a payment card breach outlined in December.
Written by Larry Dignan, Contributor

Target said Friday that names, mailing addresses, phone numbers and email addresses for up to 70 million people were also stolen along with payment card data.

The disclosure---the latest round of bad news for Target customers---comes as the retailer continues to investigate the loss off previously disclosed payment card data. Target first disclosed the data breach affecting 40 million consumers in mid-December.

According to the retailer, the latest disclosure doesn't represent a new breach, but was revealed as part of its first investigation.

Target added that a lot of the data is partial, but the retailer will contact those who had email addresses taken.

CEO Gregg Steinhafel, who has a security crisis that isn't going away easily, said in a statement:

I know that it is frustrating for our guests to learn that this information was taken and we are truly sorry they are having to endure this. I also want our guests to know that understanding and sharing the facts related to this incident is important to me and the entire Target team.

While the fallout from the breach is tough to measure, Target did say that its fourth quarter same store sales will fall 2.5 percent compared to a prior expectation of flattish sales.

The company also said that fourth quarter REDcard penetration---Target's loyalty, credit and debit card---was in line with year-to-date trends before the data breach. Since the breach was disclosed "growth has moderated" but REDcard penetration is stronger than a year ago.

Target said it expects fourth quarter earnings of $1.20 a share to $1.30 a share, down from its previous outlook of $1.50 a share to $1.60 a share. Target also said it plans to close eight stores.

The company added that the fourth quarter may include charges from its data breach, but couldn't get specific.

According to the company:

At this time, the Company is not able to estimate the costs, or a range of costs, related to the data breach. Costs may include liabilities to payment card networks for reimbursements of credit card fraud and card reissuance costs, liabilities related to REDcard fraud and card re-issuance, liabilities from civil litigation, governmental investigations and enforcement proceedings, expenses for legal, investigative and consulting fees, and incremental expenses and capital investments for remediation activities. These costs may have a material adverse effect on Target’s results of operations in fourth quarter 2013 and/or future periods.

Editorial standards