If you are still holding breath, you can inhale now: Target estimates the breach has affected as many as 70 million accounts, and the stolen data includes not only debit and credit card records, but also mailing addresses, phone numbers and email addresses.
“As part of Target’s ongoing forensic investigation, it has been determined that certain guest information — separate from the payment card data previously disclosed — was taken during the data breach,” the company said in a statement.
”This theft is not a new breach, but was uncovered as part of the ongoing investigation. At this time, the investigation has determined that the stolen information includes names, mailing addresses, phone numbers or email addresses for up to 70 million individuals.”
Originally, Target estimated that about 40 million records were compromised, but as the investigation continues, the extent of the damage continues to grow.
“I think they still have no idea how big this is,” said security professional David Kennedy. “This is going to end up being much larger than 70 million and end up being the largest retail breach in history,” said Kennedy, who has experience investigating retail breaches.
Target is offering one year of free credit monitoring and identity theft protection to all Target customers, and they have a three month window in which to enroll. Problem is, the stolen data may not be used for fraud in that short time period, leaving the compromised to fend for themselves after that.
“I know that it is frustrating for our guests to learn that this information was taken and we are truly sorry they are having to endure this,” said Gregg Steinhafel, chairman, president and chief executive officer, Target. “I also want our guests to know that understanding and sharing the facts related to this incident is important to me and the entire Target team.”
Reports indicate that some of the stolen data is already being offered for sale on the black market. For more details on how the digital underground works, consult this article.