Turns out the security data breach last month not only compromised credit and debit cards of more than 40 million customers during three weeks of the busy shopping season, but hackers were also able to obtain "certain guest information" of up to 70 million customers, the Minneapolis-based company disclosed on Friday.
That information includes names, mailing addresses, phone numbers or email addresses, Target said.
While the data information "is partial in nature," in cases where Target has an email address, the company will attempt to contact affected guests, it said.
Guests will have zero liability for the cost of any fraudulent charges arising from the breach. Target is also offering one year of free credit monitoring and identity theft protection to all guests who shopped its U.S. stores. Guests will also have three months to enroll in the program, with additional details to be shared next week, it said.
"I know that it is frustrating for our guests to learn that this information was taken and we are truly sorry they are having to endure this," Target's Chairman and CEO Gregg Steinhafel said in a statement. "I also want our guests to know that understanding and sharing the facts related to this incident is important to me and the entire Target team."
Since Dec. 19, the day Target disclosed the hacking catastrophe, sales have taken a hit.
Target slashed its fourth-quarter earnings guidance. It now expects earnings from its U.S. segment specifically in the range of $1.20 to $1.30 a share, down from $1.50 to $1.60 a share. The company is anticipating fourth-quarter comparable sales growth to be flat to negative 2.5% for its U.S. operations.
Target is also closing eight U.S. stores on May 3, 2014.
The company said prior to Dec. 19 announcement, the number of customers who signed up for Target's REDcard was "in line" with year-to-date trends. However, since the announcement, "penetration growth has moderated but remains hundreds of basis points stronger than a year ago," it said.
The company said it is not able to provide guidance at this time for GAAP earnings estimates, however earnings will include 5 cents to 10 cents of dilution related to the store closings, approximately 45 cents of dilution related to the company's Canadian segment compared to prior guidance of a loss between 22 cents to 32 cents, primarily drive by gross margin impacts to clear excess inventory and 1 cent dilution related to interest from the sale of its credit card portfolio.
That doesn't include whatever charges the company takes related to the data breach. Target said it was not able to estimate the costs of the data breach at this time, but said they "may have a material adverse effect on Target's results of operations in fourth quarter 2013 and/or future periods."
Target shares were sinking 0.69% to $62.90 in Friday's trading.
Coincidentally, Goldman Sachs decided to upgrade Target to a "buy" rating and raised its 12-month price target by $1 to $72 in an earlier note on Friday.
"We model sharp acceleration in earnings momentum after a difficult 2013, and note that the stock trades at one of the lowest multiples in our coverage universe, and has responded modestly to bad news of late," Goldman analyst Matthew Fassler writes in a research note. "We look for acceleration in U.S. sales trends on a macro recovery in spending by middle income consumers; moderating losses in Canada after a problematic launch; and, increased traction online after a slow start. Moreover, the impact of a recent payment card breach, an unwelcome distraction for the firm and its customers, should prove manageable for the balance sheet and franchise."
Prior to Target's announcement Fassler had already expected the retailer to fall short of its fourth-quarter earnings guidance.
He cut his estimates for the year by 10 cents a share and now expects Target to post earnings of $3.44 for the year. Consensus estimates are looking for the retailer to post full- year earnings of $3.60 a share.
--Written by Laurie Kulikowski in New York.