Target has confirmed non-credit card personal information was stolen from as many as 70 million customers in the pre-Christmas data breach that's still under investigation.
The company said there is some overlap with the 40 million payment card accounts affected by the Nov. 27 to Dec. 15 breach. Personal information stolen includes phone numbers, emailaddresses and mailing addresses.
"As part of Target's ongoing forensic investigation, it has been determined that certain guest information -- separate from the payment card data previously disclosed -- was taken during the data breach," Target said in a statement. "This theft is not a new breach, but was uncovered as part of the ongoing investigation."
In cases where Target has an email address, the company will attempt to contact affected customers with information and tips to protect themselves against scams. Target will not ask customers to provide any personal information as part of the email.
"I know that it is frustrating for our guests to learn that this information was taken and we are truly sorry they are having to endure this," Target CEO Gregg Steinhafel said in a statement. "I also want our guests to know that understanding and sharing the facts related to this incident is important to me and the entire Target team."
ZERO LIABILITY + FREE CREDIT MONITORING
Target maintains customers will have "zero liability for the cost of any fraudulent charges arising from the breach."
Target is offering one year of free credit monitoring and identity theft protection to all customers who shopped our U.S. stores. Customers have three months to enroll in the program. More info is posted at target.com/databreach.