NEW YORK - Fallout from Target's pre-Christmas security breach is likely to affect the company's sales and profits well into the new year.
The company disclosed on Friday that the massive data theft was significantly more extensive and affected millions more shoppers than the company reported in December. As a result of the breach, millions of Target customers have become vulnerable to identity theft, experts say.
The nation's second largest discounter said hackers stole personal information - including names, phone numbers as well as email and mailing addresses - from as many as 70 million customers as part of a data breach it discovered last month.
In this Dec. 19, 2013, file photo, a passer-by walks near an entrance to a Target retail store in Watertown, Mass. Target says that personal information — including phone numbers and email and mailing addresses — was stolen from as many as 70 million customers in its pre-Christmas data breach. That was substantially more customers than Target had previously said were affected.
Target announced on Dec. 19 that some 40 million credit and debit card accounts had been affected by a data breach that happened between Nov. 27 and Dec. 15 - just as the holiday shopping season was getting into gear. As part of that announcement, the company said customers' names, credit and debit card numbers, card expiration dates, debit-card PINs and the embedded code on the magnetic strip on the back of cards had been stolen.
According to new information gleaned from its investigation with the Secret Service and the Department of Justice, Target said Friday that criminals also took non-credit card related data for some 70 million shoppers who could have made purchases at Target stores outside the late Nov. to mid-Dec. timeframe.
Some overlap exists between the two data sets, the company said Friday. That means that more than 70 million people may have had their data stolen.
The latest developments come as Target said that just this week it was starting to see sales recover from the crisis. The company, however, cut its earnings outlook for the quarter that covers the crucial holiday season and warned that sales would be down for the period.
But with the latest news, some analysts believe the breach could be a financial drag on the company for several more quarters.
"This is going to linger like a black cloud over the company's financials for the first half of the year," said Brian S. Sozzi, CEO & chief equities strategist at Belus Capital Advisors.
Meanwhile, the Attorney General from New York announced that it is participating in an investigation into the security breach. Attorney General Eric T. Schneiderman called the latest news "deeply troubling."
Molly Snyder, a Target spokesman, told The Associated Press that she didn't have new details to share about how the data breach was conducted. The company has only said that its point-of sale system in its U.S. stores was compromised.
"I know that it is frustrating for our guests to learn that this information was taken and we are truly sorry they are having to endure this," said Gregg Steinhafel, Target chairman, president and CEO, in a statement.
The theft from Target's databases could potentially be the largest data breach on record, surpassing an incident uncovered in 2007 that saw more than 90 million credit card accounts pilfered from TJX Cos. Inc.