Number of Target data breach victims rises to 70 million

Number of victims of cyber criminals almost double original estimates, says retailer

Personal details of 70 million Target customers were stolen by cyber criminals during December's security breach, a figure almost double the number of victims initially thought.

Last month, the second biggest discount retailer in the US revealed that information about 40 million customers could have been compromised by hackers.

The cyber thieves struck between Black Friday, the biggest US retail date of the year and mid-December, when the breach was discovered.

At the time, the Target security breach was the second largest in US history, but the revelation that information on another 30 million customers was also stolen makes it the largest, by some way.

Target has issued a statement reassuring customers that in most cases, data stolen is only a partial combination of names, mailing addresses, phone numbers or email addresses, implying that bank details shouldn't be under threat.

However, the company is making an effort to inform customers about what has happened and how best to protect themselves against potential scams by cyber criminals who might hold the data.

"I know that it is frustrating for our guests to learn that this information was taken and we are truly sorry they are having to endure this," said Gregg Steinhafel, chairman, president and CEO of Target.

"I also want our guests to know that understanding and sharing the facts related to this incident is important to me and the entire Target team."

The US secret service has confirmed it's working alongside Target as it investigates the cause of the breach and attempts to track down the cyber-criminals responsible for it.

Jason Hart, VP Cloud Solutions at data protection company SafeNet said the extent of the breach should be regarded as a sign for retailers to take security more seriously.

"The latest revelations about the Target data breach should serve as another wake up call to the industry, encouraging organisations to think about the way that encryption is implemented," he said.

"This means reviewing the way in which data is being processed and transmitted by conducting a risk assessment to see if high value data requires encryption in transit as well as at rest."

"With hacking attempts becoming almost a daily occurrence, it's clear that being breached is not a question of "if" but "when," Hart continued.

"So companies need to ensure they are taking the necessary precautions. This means using best practice data protection - authentication, encryption and key management - to guarantee that data is effectively useless when it falls into unauthorised hands," he added.