The chain also indicated its sales have been hurt by the breach, cutting its forecast for fourth-quarter earnings and a key sales barometer.
Target Corp. announced in December that about 40 million credit and debit cards may have been affected by a data breach that happened between Nov. 27 and Dec. 15 – just as the holiday shopping season was getting into gear.
But the net has now been cast wider, with more shoppers potentially impacted.
The company told customers Friday that its ongoing investigation of the breach has shown that more personal information had been stolen than it was aware of before and more customers were affected. It previously disclosed to customers that names, credit and debit card numbers, card expiration dates, debit-card PINs and the embedded code on the magnetic strip on the back of cards had been stolen.
“I know that it is frustrating for our guests to learn that this information was taken and we are truly sorry they are having to endure this,” Chairman, President and CEO Gregg Steinhafel said in a statement.
The company said customers won’t be liable for the cost of any fraudulent charges that stemmed from the breach.
Target said it will try to contact customers it has email addresses for to provide tips on how to safeguard against consumer scams. The company said it won’t ask customers for any personal information during its email communications.
It’s also offering a year of free credit monitoring and identity theft protection to customers that shopped at its stores. Individuals will have three months to enroll in the program. Target said it will provide more details on that next week.
Target lowered its fourth-quarter adjusted earnings guidance to a range of $1.20 to $1.30 per share, down from $1.50 to $1.60 per share.