(Memphis) Neiman Marcus now confirms more than a million cards were hacked during its January data breach.
Company officials sent emails to potentially affected customers explaining social security numbers and PINS weren't taken, and online customers don't seem to be affected.
The number of Target customers potentially affected during its recent data breach is up to 110 million.
Target says some of those customers had "partial personal data" (names, addresses, phone numbers) that may have been stolen, which is separate from those who shopped in stores.
WREG On Your Side Investigators asked a Target spokesperson about how it obtains such information from customers. She stated it happens during the "normal course of business".
Maybe you've handed over your personal information to a retailer to get a coupon, or signed up for a rewards program or email subscription.
Experts have long said this comes with a risk.
What's more troubling though, is experts say retailers often collect your personal information, even when you haven't given it to them!
Think about the last time you checked out at a store. The cashier may have asked questions like, what's your email address, may I have your zip code?
U.S. Secret Service Agent Rick Harlow of the Memphis Field office told the On Your Side Investigators, "I don't give them my home phone, I don't give them my cell phone, I don't give them my email."
Harlow says one reason he doesn't give out such information is to avoid spam and excessive emails. However, there's another reason you might want to do the same.
"You're allowing them to create a profile on you," Harlow explains.
He says retailers use such information to target your likes and dislikes, which may seem harmless. The downside, however, is that information doesn't always stay within the company.
Harlow says, "If you give your email address to one company and your home phone number to another and your home address to another, and then it's mined, which goes on all the time, perfectly legitimate business, it's mined then put into a database and that can be sold."
Or worse, those same databases can stolen and compromised.
One new report shows 2013 being the worst for data breaches with more than 740 million records exposed.
Some say that estimate is conservative considering the growing numbers with the latest breaches.
"In protecting your personal information, what you have to be concerned about it how it is going to be used, how is it going to be stored, how long will it be used and how will it be protected," says Harlow.
Harlow says consumers should ask those very questions before handing over information to any business.
He also recommends using an alternate ID instead of a social security number at places like medical offices or any company that typically asks for it.