Target shifted into crisis-management mode Monday, reaching out to the up to 110 million customers who may have been affected by a massive data breach at its stores during the holiday season.
The retailer, one of the largest in the country, took out full-page ads in major newspapers, including The Washington Post, to apologize to its customers. It also released an online guide for avoiding scams in which criminals may try to use the personal information potentially compromised in the attack.
“Our top priority is taking care of you and helping you feel confident about shopping at Target, and it is our responsibility to protect your information when you shop with us,” Gregg Steinhafel, Target’s chief executive, said in the statement. “We didn’t live up to that responsibility, and I am truly sorry.”
Target said Friday that the data breach that enabled hackers to steal credit card and debit card information from as many as 40 million shoppers also compromised the personal data of an additional 70 million customers. The stolen information included names, phone numbers and e-mail addresses.
Target’s announcement was followed this weekend by one from luxury retailer Neiman Marcus, which said it also suffered an attack in December that resulted in the theft of shoppers’ credit card data. New York Attorney General Eric T. Schneiderman said Monday that his office was investigating “recent reports of security breaches involving other retailers.”
Under pressure from the attorney general’s office, Target rolled out a free credit-monitoring program on its Web site Monday. The service, offered in partnership with credit-reporting agency Experian, is available to any Target customer, not just those affected by the breach.
“I strongly encourage other retailers that have seen large-scale data breaches to offer free credit monitoring to their customers as well,” Schneiderman said in a statement.
Following revelations about the data breach, Target’s attempts to address consumers’ concerns have only triggered more questions, especially from shoppers worried about the scale of information the retailer collects on its customers.
Some have questioned whether the company’s practice of scanning a driver’s license when customers purchase alcohol has put more personal data at risk. Target spokeswoman Molly Snyder said the investigation is ongoing, but there has been no indication that driver’s license data was affected in the attack.
Jeff Holtmeier of Fairfax, Va., has been worried since discovering that he used his Target Red Card during the period in which Target said the data was stolen, Nov. 27 to Dec. 15. He has already received two suspicious e-mails from unknown senders that appeared to contain bank statements he hadn’t requested, Holtmeier said.
When Holtmeier called an information line provided by Target during the weekend, he was told he didn’t need to take any action. But “I don’t plan on making any trips to Target until I hear some more information from them,” he said.