March 14 (Reuters) - Target Corp on Friday acknowledged that a massive data breach last year has damaged its reputation and business, and said that it does not yet know how long the fallout will last.
Some 40 million payment card records were stolen from the discount retailer, along with 70 million other records with customer information such as addresses and telephone numbers, during the 2013 holiday shopping season.
Target disclosed the breach in December, a few days before Christmas, denting its revenues.
"We know our guests' confidence in Target and the broader U.S. payment system has been shaken," Target said in its annual report, filed with the U.S. Securities and Exchange Commission.
"We cannot predict the length or extent of any ongoing impact to sales."
Congress is investigating the breach along with lapses at other retailers, and credit card companies are pushing for better security.
Target potentially faces dozens of class actions and action from banks that could seek reimbursement for millions of dollars in losses due to fraud and the cost of card replacements.
The retailer said it expects to dispute any such claims from the payment card networks and would likely to seek settlements in such cases.
The affected payment cards include Target's REDcard private label debit and credit cards as well as other bank cards.
Target said it was worried the breach would lead some shoppers to stop using its REDcards loyalty program, which accounts for a growing percentage of its sales.
The company said it would speed up a $100 million investment to equip the proprietary REDcards and all of its U.S. store card readers with chip-enabled smart-card technology by the first quarter of 2015.