OK, the headline is a slight exaggeration. The number of people affected by the Great Target Data Breach of ’13 has simply grown another 30 million or so, according to an update the company released today. Not only did 40 million people have their credit and debit card numbers hacked, but a total of about 70 million had their personal information stolen, including names, mailing addresses, phone numbers, and email addresses.
Re/code’s Jason Del Rey notes that it wasn’t immediately clear how many of the original 40 million credit-card-number victims overlapped with the newly reported personal-information victims. After weeks of investigation, Target is still trying to assess the full extent of the breach. But it’s now clear that the total tally is somewhere north of 70 million—or, as the Washington Post’s Brian Fung calculates, the equivalent of 29 percent of the adult population of the United States.
Wow, you might now be saying to yourself, thank goodness I didn’t shop at Target over the holidays! Uh, sorry, more bad news from Del Rey:
The company also said that the theft of personal information was not limited to customers who shopped at a Target store over the holiday period. Any person who has ever shopped at a U.S. Target store could have been affected.
Target is assuring customers that they won’t be held liable for any fraudulent purchases made in their names as a result of the snafu. It’s also offering a year of free credit monitoring and identity theft protection to “all Target guests who shopped our U.S. stores,” which I’m guessing is, well, pretty much everyone in the U.S., except maybe like Mitt Romney and Warren Oakes.
On the bright side, stolen credit cards are now apparently quite affordable on the black market.
In unrelated news, the fine women and men of the U.S. House of Representatives today speedily passed a bill addressing hypothetical data breaches of the Obamacare website … which has not in fact experienced any data breaches. Meanwhile, a bill that aims to protect Americans from actual data breaches, like the Target hack, has been shot down in every session of Congress since 2005.
Previously in Slate: