Up to 70m of Target’s customers had their details stolen in December, 30m more than was previously supposed.
The thieves infiltrated retail giant’s card swipe system in all 1,797 braches across the US.
"I know that it is frustrating for our guests to learn that this information was taken and we are truly sorry they are having to endure this," Target CEO Gregg Steinhafel said in a release.
The busy lead up to Christmas left ample opportunity to acquire information, the theft began around 29 November, the busiest shopping day of the year, also known as Black Friday.
Data obtained included credit card numbers, names, postal addresses, phone numbers and email addresses. This sort of information is often sold on to criminals via underground marketplaces.
Target insist customers will have "zero liability" and are offering one year of free credit monitoring and identity theft protection.
This attempt at appeasement has not stopped some people suing on grounds of failure to notify them before it the incident hit the press and lack of reasonable security procedures to prevent it.