The revelations about Target’s (TGT) data breach continue to get worse, with the retailer now estimating that up to 70 million customers have been impacted, almost twice as many as the 40 million it had earlier disclosed.
Target said that its forensics investigation has found that “certain guest information — separate from the payment card data previously disclosed — was taken during the data breach.”
The stolen information includes names, mailing addresses, phone numbers and email addresses for as many as 70 million people, the company said in a statement issued Friday. The company said much of the data is “partial in nature,” and will contact customers for whom Target has an email address.
Target’s woes are now extending to its financial results, with the company warning that sales have been impacted by the data breach as fewer shoppers patronized its stores after the revelation. It warned that fourth-quarter revenue likely declined by 2.5 percent, as sales were “meaningfully weaker-than-expected” after the theft was announced.
“I know that it is frustrating for our guests to learn that this information was taken and we are truly sorry they are having to endure this,” Target chief executive Gregg Steinhafel said in the statement. “I also want our guests to know that understanding and sharing the facts related to this incident is important to me and the entire Target team.”
That’s probably providing little peace of mind to Target customers, many of whomhave already expressed frustration at what they’ve seen as a poor response to the data theft.
Part of the problem for Target is that it released information about the data theft in dribs and drabs. While it first said no PIN data was compromised during the theft, the retailer later said encrypted PIN numbers were actually stolen during the breach.
With the latest revelation about the widening scope of the breach, customers expressed more anger toward Target via its Facebook page.
“Now we hear our names and email address too!! You have been hiding info from the start on this to get past Christmas. I will NEVER shop at Target again!!” one customer wrote on the Facebook page.
Investors are also likely to feel burned. Along with the warning on weaker sales, Target lowered its fourth-quarter earnings outlook to $1.20 to $1.30 per share, compared with previous guidance of $1.50 to $1.60 per share.
As for the breach’s costs to Target, the company said it was unable to provide an estimate. The impact will likely include reimbursements of credit-card fraud, card re-issuance costs and litigation costs, among many other items.
Target is also planning to close eight stores in May, after “careful consideration of each location’s financial performance.” They are stores located in West Dundee, Ill.; Las Vegas, Nev.; North Las Vegas, Nev.; Duluth, Ga.; Memphis, Tenn.; Orange Park, Fla.; Middletown, Ohio; and Trotwood, Ohio.
But the bottom line for many Target customers will be a continued feeling of concern about the scope of the breach, given that the latest news that the theft was even worse than first suspected.