The massive data breach that hit Target during the holiday shopping rush may have ensnarled up to 110 million of its customers and compromised more kinds of personal data than originally thought, the company disclosed Friday.
Target announced in December that payment data for roughly 40 million customers who used credit and debit cards in their stores between Nov. 27 and Dec. 15 was at risk. On Friday, it said an ongoing internal investigation into the hack found that the breach also included names, mailing addresses, phone numbers or email addresses for 70 million customers. Some of the personal information stolen was obtained by the store prior to the breach. A spokeswoman for the company told NBC News there could be some overlap between the two groups of data.
"I know that it is frustrating for our guests to learn that this information was taken and we are truly sorry they are having to endure this," Gregg Steinhafel, chairman, president and chief executive officer for Target said in a statement. "I also want our guests to know that understanding and sharing the facts related to this incident is important to me and the entire Target team."
Much of the customer data stolen in the breach, which occurred at stores throughout the United States, was "partial in nature," Target said. The company is offering one year of free credit monitoring and identify theft protection to "all guests who shopped at our U.S. stores."