Turns out the security data breach last month not only compromised credit and debit cards of more than 40 million customers during three weeks of the busy shopping season, but hackers were also able to obtain "certain guest information" of up to 70 million customers, the Minneapolis-based company disclosed on Friday.
That information includes names, mailing addresses, phone numbers or email addresses, Target said.
While the data information "is partial in nature," in cases where Target has an email address, the company will attempt to contact affected guests, it said.
Guests will have zero liability for the cost of any fraudulent charges arising from the breach. Target is also offering one year of free credit monitoring and identity theft protection to all guests who shopped its U.S. stores. Guests will also have three months to enroll in the program, with additional details to be shared next week, it said.
"I know that it is frustrating for our guests to learn that this information was taken and we are truly sorry they are having to endure this," Target's Chairman and CEO Gregg Steinhafel said in a statement. "I also want our guests to know that understanding and sharing the facts related to this incident is important to me and the entire Target team."
Since Dec. 19, the day Target disclosed the hacking catastrophe, sales have taken a hit.