The retailer Target, which confirmed last month that credit and debit card information for about 40 million of its customers was stolen, today said a separate set of information on up to 70 million customers was also stolen. This theft of data occurred as part of the same data breach affecting the 40 million cards, but Target confirmed that the newly disclosed portion of the breach is "separate from the payment card data previously disclosed." Target discovered this separate data theft while investigating the previously disclosed one.
"At this time, the investigation has determined that the stolen information includes names, mailing addresses, phone numbers or e-mail addresses for up to 70 million individuals," Target said today. "Much of this data is partial in nature, but in cases where Target has an e-mail address, the Company will attempt to contact affected guests. This communication will be informational, including tips to guard against consumer scams. Target will not ask those guests to provide any personal information as part of that communication."
Even though the theft disclosed today affects more people, the previous one of 40 million cards was likely the more severe one. As reported last month, the stolen credit card information was flooding underground markets frequented by criminals, who paid as much as $100 per card. Journalist Brian Krebs reported that cards stolen in the massive Target hack were "selling in batches of one million cards and going for anywhere from $20 or more than $100 per card."