NEW YORK (AP) -- Target says that personal information -- including phone numbers and email and mailing addresses -- was stolen from as many as 70 million customers in its pre-Christmas data breach. That was substantially more customers than Target had previously said were affected.
The chain also cut its fourth-quarter adjusted earnings forecast and outlook for a key sales barometer.
Target had announced in December that about 40 million credit and debit cards may have been affected by a data breach that happened between Nov. 27 and Dec. 15 -- just as the holiday shopping season was getting into gear.
The retailer said Friday that the personal information stolen is not a new breach, but was discovered during its ongoing investigation.
Target Corp.'s stock fell in Friday premarket trading.
(Earlier Friday - from KARE 11)
Minnesota-based Target says the size of an already massive security breach is even bigger than originally thought.
A company spokesperson confirmed to our sister-station KARE 11 Friday that 70 million more customers have been impacted by the leak of private data. Company official Molly Snyder says the new breach of 70 million customers is in addition to the 40 million first reported. Snyder says there is some overlap between the two groups, and that Target is trying to determine how many customers are victim to both information leaks.
Target reports that an ongoing forensic investigation determined that certain guest information -- separate from the payment card data previously disclosed -- was taken during the data breach.
"This theft is not a new breach, but was uncovered as part of the ongoing investigation," the news release reads. "At this time, the investigation has determined that the stolen information includes names, mailing addresses, phone numbers or email addresses for up to 70 million individuals."
Company officials say much of this data is partial in nature, but in cases where Target has an email address, the company will attempt to contact affected guests. This communication will be informational, including tips to guard against consumer scams. Target will not ask those guests to provide any personal information as part of that communication.
Target announced last month that encrypted personal identification numbers were stolen for up to 40 million credit and debit cards in the breach.
"I know that it is frustrating for our guests to learn that this information was taken and we are truly sorry they are having to endure this," said Gregg Steinhafel, chairman, president and chief executive officer, Target. "I also want our guests to know that understanding and sharing the facts related to this incident is important to me and the entire Target team."
Target maintains that customers will not carry any financial liability for fraudulent charges arising from the breach. The company also promises to provide one year of free credit monitoring and identity theft protection to all guests who shopped our U.S. stores. Customers will have three months to enroll in the program. Additional details will be shared next week. To learn more, please go to target.com/databreach.
The announcement comes amid news of a disappointing holiday season for retailers. Target lowered its fourth quarter guidance Friday, expecting a comparable store sales decline of 2.5%. It previously said sales would be flat.