This post was modified from its original version on 1/10/2014 to correct the total number of customers hit by Target’s security breach.
Target said Friday that the data breach that stole consumers’ personal information during the peak of holiday shopping is larger than the retailer initially thought.
Up to 70 million individuals had their information stolen during a data breach from Nov. 27 and Dec. 15, in addition to the 40 million shoppers whose credit and debit card were reported as compromised. Target said in a statement that the “theft is not a new breach, but was uncovered as part of the ongoing investigation.”
“Certain guest information — separate from the payment card data previously disclosed — was taken during the data breach,” Target said.
The stolen information included names, mailing addresses, phone numbers or email addresses, Target said, and “most of this data is partial in nature.” The company said it will attempt to contact affected customers by email, but won’t ask for any personal information.
“I know that it is frustrating for our guests to learn that this information was taken and we are truly sorry they are having to endure this,” said Gregg Steinhafel, president and chief executive officer of Target. “I also want our guests to know that understanding and sharing the facts related to this incident is important to me and the entire Target team.”
It’s bad news on top of bad news on top of bad news. U.S. retailers this week reported their lowest holiday sales growth in four years, a crushing revelation that huge sales and continuous promotions didn’t convince shoppers to hit the stores, according to retail industry tracker ShopperTrak. The group said the number of people entering brick-and-mortar stores in the U.S. fell 14.6 percent, while retail sales rose a meager 2.7 percent between Thanksgiving and Christmas. The National Retail Federation, the industry trade organization, had predicted a 3.9 percent increase.
Target also said Friday its sales took a hit after revelation of the data breach on Dec. 19 — in the thick of holiday shopping. The Minnesota-based retailer said its fourth quarter profits would come in lower than expected, with sales expected to fall 2.5 percent from last year. To no one’s surprise, the massive heist of credit card and other personal information scared people away from the big-box store, and Target’s consolation last-minute sales and extended hours before Christmas came too little to late.
But some pundits say Target earned points for its honesty about the data breach, and many customers will return.
“Target is a very forthcoming company,” said Jim Cramer, host of CNBC’s “Mad Money.” “I think the business will do terrifically well in the future.”
“There was a momentary decline in traffic,” he added. “The traffic is coming back.”
Target also announced Friday that it plans to close eight U.S. stores on May 3 because of unsatisfactory financial performance.
Macy’s also announced this week it would lay off 2,500 workers and close five stores.
Target stocks were down about 1 percent Friday morning to just more than $62. That marks a 6.5 percent drop in less than two months, from a high of $66.89 on Nov. 15. Shares plummeted 2 percent the day the breach was revealed.
Given the news that another 70 million customers may have had their information stolen, here’s a reminder of what to do if you shopped at Target during the breach from the Mercury News’ Steve Johnson and some general advice on how to protect yourself from identity theft.