(USA TODAY) -- The massive data breach at Target over the holiday season ispotentially much worse than the retailer first reported - as many as 110million people may have had their identity and financial information compromised, the retailer says.
It remains unclear just how many individuals are affected and how.The company's ongoing investigation found that up to 70 million peoplehad personal information stolen in the breach; in December, Targetdisclosed that 40 million accounts had been hacked.
The amount of overlap between the two figures - 70 million and 40million - is uncertain. Target averages 30 million customers a week.
Theretailer said Friday that "the stolen information includes names,mailing addresses, phone numbers or e-mail addresses for up to 70million individuals."
"I know that it is frustrating forour guests to learn that this information was taken, and we are trulysorry they are having to endure this," Target CEO Gregg Steinhafel saidin a press release.
Alongwith the encrypted PIN data, Target previously said that data thievesstole customer names, credit and debit card numbers, card expirationdates and the embedded code on the magnetic strip on the back of cardsused at Target between Nov. 27 and Dec. 15. The breach occurred aftercybercriminals forced their way into Target's data system.
Theremay be overlap in customers who had both personal identificationinformation stolen as well as credit and debit card data, but Targetdoesn't know to what extent, says spokeswoman Molly Snyder.
Newsof the additional stolen data brings the total number of potentialcustomers affected up to 110 million. It also may increase the threat ofidentity theft, says Greg McBride, senior financial analyst atBankrate.com.
"For somebody to actually go out and open credit inyour name, it's pretty tough to do if they don't have your Social(Security number)," he says. "But if they have your Social and have allthis other stuff too, it compounds the problem."
Customers involved are also at greater risk of being targeted by e-mail scams, he says.
To give "peace of mind," the Minneapolis-based retailer will offer free credit monitoring and identity theft protection to all its customers, with an opportunity to enroll over the next three months.
Target shares were down 1.2% to $62.56 in afternoon trading.
ForTarget customers who had their information stolen, the incident hasmeant hours spent speaking with banking customer servicerepresentatives, having to close accounts, be issued new credit anddebit cards - and updating online accounts with the new information -and file identity theft reports.
Karen Raper, 46, from Lula, Ga.,spent two hours talking to her bank on Christmas Eve after it notifiedher of suspicious activity showing up on her account from Ohio. Raperhad shopped at Target on Black Friday, buying a camera for her daughter.Fifth Third Bank closed her account, will refund her the $300 that wascharged and issue her a new card. But Raper says she's reluctant to headback to Target.
Kim Thompson, 39, says the situation makes her"angry, frustrated and concerned." Thompson, from Memphis, used herdebit card to purchase groceries at Target at the beginning of December.She says she'll continue to shop there because it's convenient, butthat she'll only use cash.
"This is a lesson to just sort of allof us to be constantly monitoring your accounts for unauthorizedtransactions," McBride says. "Because you have no liability as long asyou report that to your financial institution."
Others are put offby a seeming lack of communication from Target. Those interviewed byUSA TODAY say the first time they heard their information wascompromised was, in most cases, from their bank, not the retailer.
"If Target does anything, it just seems like I have to either look it up or hear about it secondhand," says Jackie Chavez, 40.
Chavez,from El Paso, shopped at Target on Black Friday and found out afterChristmas from her bank that there was suspicious activity on heraccount.
Target e-mailed customers it thought were affected, andfor whom it had e-mail addresses, in the days after the breach was firstannounced Dec. 19. Snyder says that amounted to "millions of e-mails."It will do the same for the additional customers it's now found to beinvolved. The company also created a dedicated page on its website forthe data breach, including resources about identity theft and creditreports.
Themost recent announcement about the breach comes amid news of anunsuccessful holiday season for retailers and follows otherdisappointments at Target. Target lowered its fourth-quarter guidanceFriday, expecting a comparable store sales decline of 2.5%. Itpreviously said sales would be flat.
Target also revealed at theend of December that some gift cards sold during the holidays weren'tfully activated, but that it would still honor the faulty cards.
Theretailer will close eight stores in May. The stores are in West Dundee,Ill.; Las Vegas; North Las Vegas; Duluth, Ga.; Memphis; Orange Park,Fla.; Middletown, Ohio; and Trotwood, Ohio.
You may also like...
Weird Florida: A look back at some of the strangest stories of the year
Miracle Baby:Tampa toddler has 5-organ transplant
Here kitty, kitty:Lion escapes enclosure at Pasco sanctuary
Animal tragedy:Girl's miniature horse attacked by dogs
#ShortYellows: Florida quietly shortened yellow lights
Kittens shot:Officer shoots kittens in front of children
Popular photo galleries:
Faces of Meth:Devastating before and after photos of meth abusers
Trayvon Martin Shooting:Trayvon Martin crime scene photos and George Zimmerman injury photos
Hooters Winners:Winners of the 2013 Hooters swimsuit pageant
Rejected:Funny Florida license plates rejected by the DMV ***warning graphic***
Deadly sinkhole:Home collapses, man dies in giant sinkhole
Florida Sex Offenders:Look up sex offenders in any Florida neighborhood here
Restaurant Inspections:Look up inspection reports for any Florida restaurant here