Emily Jane Fox and James O’Toole
NEW YORK (CNNMoney) — A day after Target announced that forty million of its shoppers had their credit and debit card data breached, the retailer announced a 10% discount for all shoppers at its stores this Saturday and Sunday.
“We recognize this has been confusing and disruptive during an already busy holiday season,” Target CEO Gregg Steinhafel said in a statement Friday. “Our guests’ trust is our top priority at Target and we are committed to making this right.”
The company also provided details Friday about the extent of the hack and the information that could have been compromised.
The nation’s No. 2 general merchandise retailer said cards used at its brick-and-mortar stores between Nov. 27 and Dec. 15, 2013, may have been impacted.
The company said in a statement on Friday that there is no indication that any debit card PIN numbers were compromised. It also said that it doesn’t appear that the three- or four-digit security codes visible on the face of credit cards were breached. That means that the debit and credit cards that were compromised cannot be used to withdraw cash from an ATM or to shop online.
Target also said it believes customers’ birth dates and social security numbers weren’t compromised. The retailer said it gave Visa, MasterCard, Discover and American Express the card numbers of those who may have been impacted, and that these companies will monitor those cards for fraud.
Target is also monitoring its own card, the REDcard, for potential unauthorized activity.
Steinhafel said the affected customers “will not be held financially responsible for any credit and debit card fraud.”
“[T]o provide guests with extra assurance, we will be offering free credit monitoring services,” Steinhafel said. “We will be in touch with those impacted by this issue soon on how and where to access the service.”
To help answer customer questions, Target set up a hotline for customers. Shoppers have been reporting long hold times, so Target said it will beef up its staffing.
Target didn’t specify how its systems were hacked. But judging by the scope of the breach and the kind of information that criminals got, security experts say hackers targeted the retailer’s point-of-sale system. That means they either slipped malware into the terminals where customers swipe their credit cards, or they collected customer data while it was en route from Target to its credit card processors.
The retailer said it had notified authorities and financial institutions immediately after it was made aware of the unauthorized access, and hired a forensics team to investigate how the breach may have happened. The issue that allowed the breach has been identified and resolved, according to Target spokeswoman Molly Snyder.
Lawyers in California filed a lawsuit Thursday seeking class action status on behalf of Target customers, alleging negligence on the part of the retailer. They also say Target failed to promptly notify customers about the hack.
“Target has an obligation to provide adequate security for the financial information they collect,” said lawyer Robert Ahdoot. “I’ve had a lot of phone calls today with angry customers who have already been victims of identity theft.”
Snyder said Target “typically doesn’t comment on pending litigation.”