When the first reports were only a limited subset of their data but a huge amount of customers I figured it was much worse.  Target was just going to bide time for AFTER the holidays to fully report.  NOw that the holidays are over the real extent is coming out.  Target of course downplays things:

Nationwide retail giant Target today disclosed that a data breach discovered last month exposed the names, mailing addresses, phone number and email addresses for up to 70 million individuals.

The disclosure comes roughly three weeks after the company acknowledged that hackers had broken in late last year and stole approximately 40 million customer debit and credit card records.

“As part of Target’s ongoing forensic investigation, it has been determined that certain guest information — separate from the payment card data previously disclosed — was taken during the data breach,” the company said in a statement released Friday morning.  ”This theft is not a new breach, but was uncovered as part of the ongoing investigNation. At this time, the investigation has determined that the stolen information includes names, mailing addresses, phone numbers or email addresses for up to 70 million individuals.”

Target is still trying to downplay the amount of data stolen:

Target said much of the data is partial in nature,

What is Target going to do to compensate it’s customers for the coming wave of spam, identity theft and fraud?  Not to mention all the cards that have to be reissued?  Oh and how about HOW these folks go in?

in cases where Target has an email address, it will attempt to contact affected guests with informational tips to guard against consumer scams. The retail giant was quick to note that its email communications would not ask customers to provide any personal information as part of that communication.

Target Chairman Gregg Steinhafel apologized for the inconvenience that the breach may have caused customers, and said said he wanted customers to know that “understanding and sharing the facts related to this incident is important to me and the entire Target team.”

Nevertheless, the company still has not disclosed any details about how the attackers broke in. This lack of communication appears to have spooked many folks responsible for defending other retailers from such attacks, according to numerous interviews conducted by this reporter over the past few weeks.

Basically Target customers you are screwed.  Folks we need to start holding our reps and law enforcement types to account.  There are laws on the books about this type of thing…it is time they were enforced.

via Target: Names, Emails, Phone Numbers on Up To 70 Million Customers Stolen — Krebs on Security.