Target is warning its Canadian customers that a massive security breach at the retailer over the holiday season may have led to their personal information being stolen.
An email sent to some customers by the retailer on Monday said it believes cross-border shoppers who went to U.S. Target stores between Nov. 27 and Dec. 15 were affected.
However, the message also went to at least some Target Canada customers who weren't in the United States over the affected period.
- Target data hack affected 70 million people
Target said its investigation found that personal information — like the names, addresses, emails and phone numbers of some Canadians — may have been stolen.
The breach does not extend to payment data for the debit and credit cards of Canadians, which is what was taken from U.S. customers, it said.
"Target Canada stores were not impacted by the payment card breach," added president and CEO Gregg Steinhafel in the message.
Spokeswoman Lisa Gibson says the email was only sent to Canadian shoppers who Target believes could have had their information stolen.
The security breach is believed to have involved 40 million credit and debit card accounts and the personal information of 70 million customers. Gibson said the number of Canadians affected is estimated to be "well under" one per cent of the total, which represents less than 700,000 customers.
Target hired a third-party forensics firm to investigate the incident, it said in the email to customers. Over the course of the investigation it became apparent that the information of Canadians was also compromised.
"Much of the guest data that was taken is partial in nature," Gibson said in an email comment.
"We have started to contact affected guests directly to let them know that we are offering free, one-year credit monitoring for impacted Canadian guests, as well as tips to guard against consumer scams. "
Canadian outlets not affected
Target has said Canadian stores weren't affected because they use a different payment system at cash registers.
In the United States, police say account information stolen during the Target security breach is now being divided up and sold off regionally.
A South Texas police chief said officers arrested two Mexican citizens carrying 96 fraudulent credit cards.
The cards, used by 27-year-old Mary Carmen Garcia and 28-year-old Daniel Guardiola Dominguez, both of Monterrey, Mexico, carried the account information of South Texas residents, said McAllen, Tx. Police Chief Victor Rodriguez.
They were used to buy tens of thousands of dollars' worth of merchandise at national retailers in the area.
The two were arrested Sunday morning at the border trying to re-enter the United States.
Target is just the latest retailer to be hit with a data breach problem. TJX Cos., which runs stores such as T.J. Maxx, Marshall's and Winners, had a breach that began in July 2005 that exposed at least 45.7 million credit and debit cards to possible fraud. The breach wasn't detected until December 2006.
In 2009, TJX agreed to pay $9.75 million in a settlement with multiple states related to the massive data theft but stressed at the time that it firmly believed it did not violate any consumer protection or data security laws.