New York - Target said on Friday that up to 70 million customers were hit by the theft of data over the holiday shopping season, a far more serious breach than previously disclosed.
Shares of the company, which also slashed its fourth-quarter earnings forecast, fell slightly in early trading on Friday.
Grappled
The third-largest US retailer said in December that hackers had stolen data from up to 40 million credit and debit cards between 27 November and 15 December, the second-largest such breach reported by a US retailer.
The news raised concerns that Target had not yet fully grappled with the extent of the data breach.
The largest known breach at a US retailer, uncovered in 2007 at TJX Cos, led to the theft of data from more than 90 million credit cards over about 18 months.Target said an ongoing forensic investigation showed that certain customer information, in addition to the originally reported payment card data, had been stolen.
Swiped cards
The investigation showed that stolen information included names, mailing addresses, phone numbers and email addresses of customers in addition to those who swiped their cards during the 19-day breach period, said Target spokesperson Molly Snyder.
Target's disclosure on Friday was the first time it revealed the number of customers affected. Previously it has talked about the number of credit and debit cards affected.
Target said customers will have zero liability for the cost of any fraudulent charges.