Target’s massive December data breach, which affected up to 70 million customers and involved not only credit/debit data but also PIN numbers, will not quit. Today, the company announced that “certain guest information” — entirely separate from financial data stolen but a part of the same breach — was also lifted. The company also adjusted Q4 sales expectations, citing the disaster as a heavy factor in losing revenue.
Target says that the personal information “may have included names, mailing addresses, phone numbers or email addresses,” although the company has a (mild) reassurance that most of it was “partial in nature.” It sounds like the kind of information traditionally given casually at checkout for loyalty cards and company-sponsored credit cards, but it’s still potentially devastating for some. Target continues to stress that Social Security numbers were not among the data accessible in the breach.
In addition to admitting that even more information was accessed than originally thought, Target also adjusted its expectations for Q4 sales — a fourth quarter 2013 adjusted EPS of $1.20 to $1.30, from $1.50 to $1.60 — after having a better-than-expected quarter before the attack. It shows that the customers affected have reacted to the danger, and are speaking out with their wallets.
While the actual damage has yet to be truly quantified, it’s safe to say that Target’s data breach will count among the most devastating corporate hacks in history. And, as the investigation continues, more nasty surprises have come out in the open. Many victims of the hack have put the bulk of the pain behind them, with banks and credit card companies dutifully offering new cards and rewinding most of the damage, but the level of information lifted means that these people could be continually victimized in the long run through targeted phishing, texting and email scams designed to dupe even savvy internet users into turning over valuable information.
Despite is popularity as a retailer, this is about as close to rock bottom as Target can get. With the costs of the breach and its lasting affects still looming, it’s likely that the company will be the unfortunate poster child of corporate hacking for years to come.