Target data breach could affect 110 million customers

Target confirms data breach is bigger, more extensive

By Tony Statz - Producer

During the digital age, it's becoming one of our biggest financial nightmares: Our personal information falling into the wrong hands.

Now, Target is confirming up to 110 million consumers might be living that nightmare.

"I shop probably 3 times a week at Target, and as soon as I heard I checked my credit cards," said Trisha Habucke of Birmingham as she walked out of the Target in Allen Park.

"I think its something that's going to happen more and more at all the stores," said Ginger Vollmer, of Dearborn.

More: Target hack: Tips for all customers

Breach much bigger than reported

In December, Target reported the personal data of 40 million customers was stolen. At first, the retailer said only debit and credit card information was taken between Nov. 27 and Dec. 15, the beginning of the very busy Christmas season. A week later, the retailer admitted hackers has also taken "strongly encrypted" personal identification numbers when they tapped into the retailer's systems.

Target is now confirming up to another 70 million customers may have been affected, although there could be some overlap between the two groups. The store stresses both problems stem from the same breach, covering the same time period. Target has not offered an explanation on why the total number was not reported in December.

Ruth to the Rescue requested an interview, but was given a written press release.

The statement includes this message from Target CEO Gregg Steinhafel: "I know that it is frustrating for our guests to learn that this information was taken and we are truly sorry they are having to endure this."

This time, Target says the stolen information includes names, mailing addresses, phone numbers, and email addresses of those 70 million individuals. That gives the hackers all the elements they need for identity theft.

"If we thought they could recreate us when we thought it was 40 million, they could really recreate you now," said Professor Lewis Langham, of Cooley Law School in Auburn Hills.

He also says Target will need to do serious damage control. It's facing reaction like this from customers.

"I feel that Target is pretty irresponsible. In this day and age, you'd they that they'd have better security," said Trisha Habucke, of Birmingham.

"Well, they definitely has to do something to secure everybody's information," added Linda Krench, of Melvindale.

Professor Langham says if he was running Target, "I'm going to change my security system totally. Whatever I'm using I will no longer use again. Because quite obviously, it doesn't work!"

Target wants customers to know they will not be held liable for any fraud that results from the security breach. The store is also offering one year of free credit monitoring to all customers, but details won't be made public until next week.

How to protect yourself

If you used a credit card at Target between Nov. 27 and Dec. 15, there are some steps you can take to protect yourself.

1) Monitor the accounts that may have been hacked. You should be monitoring all your accounts ALL the time. You should always be checking your account online, at least once a week, to search for unauthorized charges. You should not wait for your written statement.
2) If you are very concerned about the security of your accounts, you can ask the three credit reporting agencies to put a fraud alert on your account. Those three agencies are Experian, TransUnion, and Equifax.
3) If you have used a debit card at Target during the affected times (or any time to be safe), you should probably change your PIN number at the very least. It might be a good idea to ask for a new card.
4) You can setup alerts on all of your accounts so you are notified if there are any suspicious charges as soon as the happen. That notification can come via text message, email, or phone call.

Finally, you should know the hackers may be selling your information on the black market and its possible that it will not be used right away. "I would suggest that not only do you maintain your vigilance now, you maintain that vigilance months and months down the line," said Professor Lewis Langham of Cooley Law School.

Target statement and link to credit monitoring

On Friday, Target announced updates on its continuing investigation into the recent data breach and its expected fourth quarter financial performance.

As part of Target's ongoing forensic investigation, it has been determined that certain guest information -- separate from the payment card data previously disclosed -- was taken during the data breach.

This theft is not a new breach, but was uncovered as part of the ongoing investigation. At this time, the investigation has determined that the stolen information includes names, mailing addresses, phone numbers or email addresses for up to 70 million individuals.

Much of this data is partial in nature, but in cases where Target has an email address, the Company will attempt to contact affected guests. This communication will be informational, including tips to guard against consumer scams. Target will not ask those guests to provide any personal information as part of that communication. In addition, guests can find the tips on our website.

"I know that it is frustrating for our guests to learn that this information was taken and we are truly sorry they are having to endure this," said Gregg Steinhafel, chairman, president and chief executive officer, Target. "I also want our guests to know that understanding and sharing the facts related to this incident is important to me and the entire Target team."

Guests will have zero liability for the cost of any fraudulent charges arising from the breach. To provide further peace of mind, Target is offering one year of free credit monitoring and identity theft protection to all guests who shopped our U.S. stores. Guests will have three months to enroll in the program. Additional details will be shared next week. To learn more, please go to

Copyright 2014 by All rights reserved. This material may not be published, broadcast, rewritten or redistributed.