Data breach at US retailer Target affected 70m customers

Friday 10 January 2014 16.18
The breach includes names, mailing addresses, phone numbers or email addresses for up to 70 million people, Target said
The breach includes names, mailing addresses, phone numbers or email addresses for up to 70 million people, Target said

US retailer Target has said its recent data breach affected about 70 million customers, more than it initially estimated, and that the hacking incident had hit December sales.

Target, one of the biggest US retailers after Wal-Mart Stores, sharply lowered its fourth-quarter earnings outlook and said it was unable yet to estimate the costs related to the breach.

Target revealed on 19 December its payment card data had been breached, affecting about 40 million customers. 

The stolen data included credit and debit card data, customer names and PIN details.

However in investigating the 27 November - 15 December breach, Target said, it uncovered other types of information were also stolen.

The information theft includes names, mailing addresses, phone numbers or email addresses for up to 70 million people, it said in a statement.

"I know that it is frustrating for our guests to learn that this information was taken and we are truly sorry they are having to endure this," Gregg Steinhafel, Target chairman, president and chief executive, said in the statement.

Target said consumers would have "zero liability" due to any fraudulent charges arising from the breach. It offered one year of free credit monitoring protection.

Target also said fourth-quarter earnings had been hit by "meaningfully weaker-than-expected sales" since it disclosed the data breach. 

Target now expects fourth-quarter comparable store sales to decline 2.5% from its prior forecast of flat sales.

Target said earnings for its US segment were estimated for the fourth quarter at $1.20-$1.30 per share, down from the prior guidance of $1.50-$1.60 per share.

The company said it may need to take a charge for expenses related to the data breach to cover a number of potential costs, including reimbursements for credit card fraud, liabilities from civil litigation, government investigations and enforcement proceedings.

"These costs may have a material adverse effect on Target's results of operations in fourth quarter 2013 and/or future periods," Target said.

Target shares have underperformed the S&P 500 since the disclosure. Target shares dropped 0.7% in opening trade.