MINNEAPOLIS, Minn. — Target Corp.'s data breach problem just got bigger.
Amid concerns from financial institutions that Target's initial estimates on the extent of the data breach were conservative, the giant retailer Friday morning announced that up to 70 million customers had their personal information stolen.
The Target breach now creeps closer to the March 2007 TJX Cos. Inc. breach that impacted 90 million accounts and the 2008 Heartland Payment Systems breach where 134 million credit cards were exposed.
Last month Target revealed that more than 40 million credit and debit cards accounts were compromised in the breach that occurred between Nov. 27 and Dec. 15.
Encrypted personal identification numbers were stolen as well.
Target's latest investigation indicates that stolen information includes names, mailing addresses, phone numbers or e-mail addresses for up to 70 million individuals.
"I know that it is frustrating for our guests to learn that this information was taken and we are truly sorry they are having to endure this," said Target CEO Gregg Steinhafel in a release.
Target originally reported that thieves stole customer names, credit and debit card numbers, card expiration dates and the embedded code on the magnetic strip on the back of cards. The company said it will offer
Greg Smith, CEO of Pennsylvania State Employees CU in Harrisburg, said he is concerned members could be subjected to identity theft scams since additional personal data has been exposed. "The fraudsters are incredibly creative."
As far as the additional accounts now compromised, Smith said those numbers do not impact his credit union, as PSECU has already run reports on all of the cards in its portfolio that were used during the breach period. The $4.2 billion institution has blocked and reissued 28,000 cards.
Smith said he is not surprised that the Target breach got even bigger. "They give you bad news, and then more bad news. You wonder when it will stop."
