News

Target says data theft larger than originally thought

Target says data theft larger than originally thought

TARGETED: The nation's third-largest retailer says new evidence shows more customer information may have been stolen in the second-largest data theft in American history. Photo: Associated Press

By Dhanya Skariachan and Jim Finkle

NEW YORK/BOSTON (Reuters) – The data breach at Target Corp over the holiday shopping season was far bigger than initially thought, the U.S. retailer said on Friday, as state attorneys general announced a nationwide investigation into the cyber-attack.

The personal information of at least 70 million customers was stolen by cyber-criminals, including names, mailing addresses, phone numbers and email addresses, Target said. Previously, it said data was stolen from some 40 million credit and debit cards between Nov. 27 and Dec. 15.

Spokeswoman Molly Snyder said it was likely the two groups overlap, but said the extent of overlap was not clear yet.

“I know that it is frustrating for our guests to learn that this information was taken and we are truly sorry they are having to endure this,” Target Chief Executive Gregg Steinhafel said in a statement on Friday.

The No. 3 U.S. retailer lowered its fourth-quarter profit forecast, in part due to weaker-than-expected sales since reports of the cyber-attack emerged in mid-December. Shares of Target fell 1 percent to $62.72, hovering near a year-low.

Security experts said they feared Target has not yet fully grasped the scope of the data breach, which is considered the second biggest payment card attack in retail history.

“I think they still have no idea how big this is,” said David Kennedy, a former U.S. Marine Corps cyber-intelligence analyst who runs his own consulting firm, TrustedSec LLC.

Attorneys general from New York and Massachusetts announced on Friday that they were joining a nationwide probe into the security breach. New York Attorney General Eric Schneiderman called Target’s announcement on Friday “troubling”.

“Consumers in New York and around the country expect and deserve companies to protect their personal information when they shop on websites and in their stores,” Schneiderman told Reuters.

Jaclyn Falkowski, a spokeswoman for the Connecticut Attorney General, said: “We are actively engaged in investigating this matter with colleagues across the country and will be looking at these new and serious aspects disclosed by Target today as part of that investigation.”

Target said last month that hackers stole data from up to 40 million credit and debit cards during the peak holiday shopping season. Information security experts said the data could be used to fabricate false magnetic strip credit cards.

Cyber-criminals typically sell stolen personal information on underground exchanges for use in email “phishing” campaigns aimed at persuading victims to hand over even more sensitive information, such as bank account numbers.

If a Target customer’s information was stolen, “I would be very careful in looking out for phishing scams,” said Mikko Hypponen, chief research officer for the computer security software company F-Secure.

Reports of fraudulent card charges have been growing since the breach was disclosed, said an executive at one major card issuer who asked not to be identified.

The full magnitude of the damage won’t likely be known until later in January, when customers receive and examine their monthly statements and call their banks, the executive said. He added that in past cases, it has taken 30 to 45 days for the vast majority of bad charges to surface.

Target and credit card issuers have said customers will have zero liability for the cost of any fraudulent charges.

The largest-known breach at a U.S. retailer, uncovered in 2007 was at TJX Cos Inc, where more than 90 million credit cards were stolen over about 18 months.

“DISMAL” SALES

On Friday Target cut its fourth-quarter adjusted earnings forecast for U.S. operations to $1.20 to $1.30 per share from $1.50 to $1.60.

The Minneapolis-based company also forecast a 2.5 percent decline in fourth-quarter same-store sales. It had forecast flat sales.

Target expects full-year earnings per share to include charges related to the data breach, but said it could not estimate the costs.

Janney Capital Markets analyst David Strasser described Target’s holiday sales report card as “dismal.”

“We all knew it was going to be bad at Target, but it was the magnitude of decline that was unclear,” he said. “Clearly, the first half of the fourth quarter was impacted by an aggressive holiday season across retail, but the credit card data breach had a significant impact post December 19th.”

“The key risk remains the time it takes for consumers to forgive Target. If this is like past breaches this should normalize as the year progresses,” said Strasser.

(Additional reporting by Karen Freifeld and Jilian Mincer in New York, Siddharth Cavale in Bangalore and Alina Selyukh in Washington; Writing by Richard Valdmanis; Editing by Tiffany Wu and Jeffrey Benkoe)

Latest Headlines

in Music

The Beatles wanted to film ‘Lord of the Rings’

FILE- This is a 1967 handout image from Parlophone of The British group, The Beatles,. From left, are: Ringo Starr, John Lennon, Paul McCartney; and George Harrison. The woman who as a child was the basis for the Beatles song "Lucy in the Sky with Diamonds" is gravely ill. It was thought by many at the time that the psychedelic song from Sgt. Pepper's Lonely Heart Club Band was a paean to LSD because of the initials in the title, but it was actually based on a drawing that John Lennon's young son Julian brought home from school. He told his father the drawing was of Lucy in the sky with diamonds. Lucy Vodden, now living in Surrey just outside of London _ drifted apart after schoolyard days, but they have gotten back in touch as Lennon has tried to help Vodden cope with Lupus, a life-threatening disease.

Peter Jackson reveals John Lennon could have played Gollum in a Stanley Kubrick directed LOTR adaptation.

in Entertainment

Fans support campaign to keep Sean Bean alive in new show

British actor Sean Bean arrives for a special UK screening of Cleanskin, at the Mayfair Hotel in central London, Monday, March 5, 2012.

The "Game of Thrones" actor has died more than 20 times in his career, and fans want it to stop.

in Entertainment

‘Guardians of the Galaxy’ sequel set for 2017

Guardians Of The Galaxy

Marvel unveils plans to press ahead with a sequel to "Guardians of the Galaxy," days before the superhero movie even hits theaters.

in Lifestyle

Amazon offers 3D printing to customize products

A box from Amazon.com is pictured on the porch of a house in Golden, Colorado on July 28, 2008.

Amazon will offer 3D printing services that allow customers to customize and build earrings, bobble head toys and other items.

in Lifestyle

U.S. doctor contracts Ebola in Liberia

In this 2014 photo provided by the Samaritan's Purse aid organization, Dr. Kent Brantly, left, treats an Ebola patient at the Samaritan's Purse Ebola Case Management Center in Monrovia, Liberia. On Saturday, July 26, 2014, the North Carolina-based aid organization said Brantly tested positive for the disease and was being treated at a hospital in Monrovia.

American doctor, Kent Brantley, has tested positive for the tropical disease Ebola.