Many questions remained unanswered Monday after Target said its holiday shopping hack was worse than first believed, and another major retailer said it too had been breached.

By Gregory Wallace  @gregorywallace

Neiman Marcus said over the weekend that cards of some customers had been used fraudulently, but provided little additional information.

It follows a breach at Target that could become the largest in U.S. retail history. The company acknowledged Friday that up to 110 million customers were affected.

“Clearly we are accountable and we are responsible—but we are going to come out at the end of this a better company and we are going to make significant changes,” Target CEO Gregg Steinhafel said in an interview with CNBC.

In addition to the 40 million customers of the chain’s U.S. stores whose credit and debit card data was stolen during the busy holiday shopping season, hackers lifted personal information — including names, addresses, email addresses and phone numbers — for 70 million customers.

There may be some overlap between the two groups, but Target couldn’t say how many were counted twice.

Among those 70 million people may be customers who haven’t shopped at Target recently, but whose information was stored in company databases. It was unclear if online shoppers were impacted by the personal information breach, and spokeswoman Molly Snyder said only the information was collected and stored “during the normal course of business.”

Related: Tips to protect your money

Neiman Marcus said Saturday it, too, was “the victim of a criminal cyber-security intrusion” involving customers’ credit cards.

The luxury retailer said in an online post that it was notifying “customers whose cards we know were used fraudulently after purchasing at our stores.” Neiman Marcus spokeswoman Ginger Reeder said she could not say how many customers were affected or notified.

continue reading »