Nearly a third of American adults may have been affected by the Target security breach, according to The New York Times. Target said Friday that data was stolen from at least 70 million customers and possibly as many as 110 million customers.
Target also said hackers obtained many mailing and email addresses, names and phone numbers; the kinds of information routinely collected from online shoppers or customers using a call center.
A news release on Target's website said the company would try to contact "affected guests" for whom it has an email address. It said customers will bear no liability for fraudulent charges stemming from the breach. The company is offering one year of free credit monitoring and identity theft protection to Target shoppers in the U.S. Target has set up a web page to update customers about actions they can take in the wake of the breach.
“I know that it is frustrating for our guests to learn that this information was taken and we are truly sorry they are having to endure this,” said Gregg Steinhafel, chairman, president and chief executive officer, Target. “I also want our guests to know that understanding and sharing the facts related to this incident is important to me and the entire Target team.”
The news release also said the company has lowered its fourth quarter 2013 financial projections. It said that company sales were stronger than expected before the breach but "meaningfully weaker" after it.
Forbes.com said the company finished 2013 with a 7.6 percent gain in the stock market. Target expects to incur large costs for the fourth-quarter and beyond including liability to card networks. liability from civil litigation, governmental investigations and consulting fees. Target will announce its full fourth quarter results on February 26, 2014.
The Star Tribune reports that holiday sales were also lower than expected for other retailers such as American Eagle Outfitters, Pier 1 Imports and Bed, Bath and Beyond. Still, the impact of the breach on Target will be significant.
Kantar Retail analyst Amy Koo said, "They were already on shaky ground. Now the data theft really shakes this up."
USA Today calls the breach a watershed event for retailers and bank card companies. It reports security experts expect the U.S. to remain behind the curve until at least October 2015. That's the target date credit card companies have set to complete a transition from magnetic strip technology to more secure chip cards. ATMs, bank authorizations systems, and retailers will have to work together on a costly and tedious process.
"It's going to be one of the largest conversions of our payment system in many, many years," said Mary Ann Miller, managing director of fraud consulting at Nice Actimize, which sells financial crime-prevention software.
The secure chipped Smart Card technology is common in about 80 other countries, Miller said.
Until the Target breach, retailers had not considered switching technology cost effective.
"Until recently, this kind of fraud has been considered manageable," said Randy Vanderhoof, executive director of the Smart Card Alliance, an association of companies using chip technology. "It would be easier to absorb the loss from the counterfeit fraud than to replace the 1.2 billion credit cards and debit cards that are in the market today and 10 million card readers that are in retail stores."
Meanwhile Brian Krebs, the blogger who broke news of the breach on his website Krebs on Security, wrote that Neiman Marcus confirmed Friday that its data was also breached in mid-December. A company spokesperson said a third-party forensics firm is investigating.
BringMeTheNews reported that fraud analysts suspect the breach was instigated by an insider at Target.