Target Corp.'s holiday data breach was bigger than the company had previously said, penetrating more systems and compromising a new set of personal information affecting up to 70 million people.
The operator of nearly 1,800 U.S. stores said the data included a mix of names, mailing addresses, phone numbers and email addresses—information that is semipublic but which law-enforcement officials said is valued by thieves who could use it to lure victims with fake emails or hack into other accounts.
Target said the information was stored separately from the 40 million credit and debit card accounts that the company had previously said were affected. There was some overlap between the two sets of stolen data, but Target didn’t say how extensive it was. The entry point for the attack has been identified and closed, spokeswoman Molly Snyder said.
Late Friday, luxury retailer Neiman Marcus Inc. said it too was the victim of a suspected cyberattack over the holidays in which some of its customers credit-card information may have been stolen.
The U.S. Secret Service, which often handles credit-card fraud, is investigating the matter, a Neiman Marcus spokeswoman said. It is unclear how many customers may have been affected. Krebs on Security, a computer security blog, reported the Neiman Marcus breach earlier.
The back-to-back disclosures by two household names are likely to heighten shoppers’ concerns about the security of their personal and financial data.