US retailer Target says that up to 70 million customers may have had their card details compromised during a data breach incident in December, far more than the initial 40 million estimate.
Last month, Target confirmed that approximately 40 million credit and debit card accounts may have been impacted over a two-week period beginning on Black Friday, the busiest shopping day of the year.
In an update on its ongoing forensic investigation into the breach, Target now says that up to 70 million individual customer details have been snared by the attack.
Furthermore, the retailer has ascertained that other customer information - separate from the payment card data previously disclosed - was taken, including names, mailing addresses, phone numbers or email addresses.
Gregg Steinhafel, chairman, president and chief executive officer, Target, says: "I know that it is frustrating for our guests to learn that this information was taken and we are truly sorry they are having to endure this."
He says the company will be in touch with customers whose e-mail addresses may have been hijacked to warn them to be on their guard.
"This communication will be informational, including tips to guard against consumer scams," says Target in a statement. "Target will not ask those guests to provide any personal information as part of that communication."
Target is offering one year of free credit monitoring and identity theft protection to all customers who bought goods at any of the retailer's stores during the period in question, and a zero-liability agreement against any losses incurred as a result of the breach.