January 10, 2014 5:00 pm -

Target Data BreachUPDATED: Originally, it had been reported that hackers had stolen data on some 40 million Target customers. The security breach, which went way beyond just lifting credit card numbers, turned out to be much worse according to a report published early Friday:

Hackers stole personal information with details of up to 70 million people – a third of American adults – including phone numbers, email and home addresses, the US retail chain Target admitted on Friday.

The management said that the extent of a 19-day pre-Christmas breakin to its computer systems was far greater than it had thought when in late December it estimated the number of credit and debit cards affected at 40m. It hadn’t previously said how many people were affected.

Analysts reckon it will affect more people than the card-skimming operation at TJX Cos Inc in 2007, which was reckoned to affect 90m cards over an 18-month period. “I think they still have no idea how big this is,” David Kennedy, who runs the consulting firm TrustedSec told Reuters. “This is going to end up being much larger than 70 million and end up being the largest retail breach in history.”

The chain previously disclosed to customers that names, credit and debit card numbers, card expiration dates, PINs and the embedded code on the magnetic strip on the back of cards had been stolen. It has assured customers that they won’t be liable for any fraudulent charges that result from the breach.

70 million? Slashdot revises the number upward:

“Guest information” such as emails, phone numbers and street addresses isn’t stored with the track data, however, according to both PCI rules and Target’s admission that the theft of guest information was separate from the theft of track data, though related to it.

That raises the number of compromised accounts to 110 million, not 70 million – 40 million cards and 70 million “guest” accounts from a separate system.

There may be some overlap between the two groups of compromised accounts, Target spokesperson Molly Snyder told NBC News Jan. 10, but provided no other detail about how the two data sets are related or what it means about the source of the attack.

She admitted to The Washington Post, however, that the attack may well have affected more than 100 million customers, not 70 million, as today’s announcement implied.

The new revelations also say nothing about Target’s own security or methods used by the attackers.

D.B. Hirsch
D.B. Hirsch is a political activist, news junkie, and retired ad copy writer and spin doctor. He lives in Brooklyn, New York.