Target announced Friday that the theft of personal information about its customers affected millions more people than it originally reported.
The company first said that the breach happened over a three-week period, from November 27 to December 15, during the prime holiday shopping season and involved 40 million credit and debit card accounts. It initially said that only account numbers, customer names and security codes were stolen.
Target has not released information about how the data was stolen, but it now says in an online statement that "the investigation has since determined that the stolen information includes names, mailing addresses, phone numbers or email addresses for up to 70 million individuals."
The company told Bloomberg News that it's not yet clear how much overlap there is between the original 40 million card accounts and the 70 million people covered by the new announcement.
“I know that it is frustrating for our guests to learn that this information was taken and we are truly sorry they are having to endure this," Gregg Steinhafel, Target's chairman, president and chief executive officer said in the statement. "I also want our guests to know that understanding and sharing the facts related to this incident is important to me and the entire Target team."
Target has said that customers who suffer fraud because of this breach will not be held liable, and many banks have posted statements about how they're handling the situation.
To learn more, visit target.com/databreach.