The data breach at Target was significantly broader than originally reported: The company said Friday that 70 million customers had information such as their name, address, phone number and e-mail address hacked in the breach.
Target said the personal data stolen could affect its past shoppers -- not just those who have visited the store recently.
The breach occurred in the weeks following Thanksgiving when as many as 40 million customers may have also had credit or debit card information stolen. A Target spokesperson said there may be overlap between the two groups, but they do not currently know the extent.
Target said it would try to reach customers for whom it has e-mail addresses to inform them of the breach. It cautioned that it would not ask customers to provide any personal information and warned customers not to respond to any e-mail claiming to be from Target.
"I know that it is frustrating for our guests to learn that this information was taken and we are truly sorry they are having to endure this," said Target CEO Gregg Steinhafel.
Customers will not be liable for the cost of any fraudulent charges. Target is also offering one year of free credit monitoring and identity theft protection to all customers who shopped in U.S. stores. Customers will have three months to enroll in the program.
Experts suggest that customers who used debit or credit cards at Target between Nov. 27 and Dec. 15 should contact their card issuer and get a new card with a new account number. They should also change their PIN and monitor their account carefully for any questionable purchases.
Today's data breach doesn't necessarily mean that thieves can gain access to customers' bank or credit card accounts. But it does put them at greater risk for identity theft. There is also a risk that thieves can use the information to try to create new accounts in a customer's name.
Target ( also said Friday that holiday sales fell sharply after the hacking news. Sales at stores open at least a year fell between 2% and 6% after the announcement. The company also said that the costs related to the hacking will hurt earnings. )