On January 10, 2014, Target released an update with new details about the December data breach in which credit card information for millions of consumers was stolen. Immediately after the breach was discovered, Target partnered with a forensics firm to identify the extent of the problem and what went wrong.
The January 10 announcement from Target said, “As part of Target’s ongoing forensic investigation, it has been determined that certain guest information—separate from the payment card data previously disclosed—was taken from Target. This theft is not a new breach, but was uncovered as part of the ongoing investigation. At this time, the investigation has determined that the stolen information includes names, mailing addresses, phone numbers or email addresses for up to 70 million individuals.”
In addition to an apology from Gregg Steinhafel, chairman, president and chief executive officer of Target, the company also reiterated that Target consumers should not be forced to pay for what happened. The announcement stated, “Guests will have zero liability for the cost of any fraudulent charges arising from the breach. To provide further peace of mind, Target is offering one year of free credit monitoring and identity theft protection to all Target guests who shopped our U.S stores.” In order for consumers to take advantage of this offer, they must enroll by mid February.
In the wake of one of the largest data breaches in history, email and texting scams have proliferated in which recipients are warned that their information has been compromised. These communications pressure the recipient to take immediate action using a link or website address. The January 10 announcement advises customers that while much of the compromised data is incomplete, Target may attempt to communicate with affected customers, but unlike the fake email and texting messages, Target will not demand action by the recipient.
“In cases where Target has an email address, we will attempt to contact affected guests. This communication will be informational, including tips to guard against consumer scams. Target will not ask those guests to provide any personal information as part of that communication. In addition, guests can find the tips at Target.com/databreach, along with updated information in the Data Breach FAQs to help answer questions and provide additional resources.”
Information about the breach continues to be available from Target at the Data Breach Issues Hub.