A number of consumers are alleging that Target obtained their email addresses without their consent.
Consumers’ concerns arose after Target sent out an email to tens of millions of people earlier this month warning them that their personal information may have been stolen during the retailer’s data breach over the holidays.
As we reported last week, the email was widely mistaken as a phishing scam due to the strange domain name and heightened concerns in the wake of the breach.
Once it was deemed legitimate, however, many people shared additional concerns regarding the email: How could their personal information be compromised if they hadn’t shopped there over the holidays? And how did Target obtain their email address if they had never given it to the retailer?
Odd. Email from Target to my Guardian email offering free credit monitoring because of hack. Not phishing. I never gave Target my email.
— Charles Arthur (@charlesarthur) January 15, 2014
In regards to the first concern, hackers could have stolen data — including names, mailing addresses, phone numbers and email addresses — that Target retained from a past purchase, as we reported last week.
The latter concern is more perplexing. We asked Target last week how it could have obtained email addresses of people who never shopped there, and we recieved this emailed response from spokeswoman Molly Snyder: “The partial personal data that may have been taken was obtained by Target through the normal course of our business.”
We asked her to elaborate and we haven’t heard back.
Here are several people who claim they never shopped at Target in a store or online, and still received an email from the retailer:
Readers of The Consumerist have also raised concerns over how Target obtained their email addresses. Read The Consumerist’s story here.
Business Insider Emails & Alerts
Site highlights each day to your inbox.