(CNN) - While hackers only stole credit and debit card data from shoppers at U.S. stores between Nov. 27 and Dec. 15, they also grabbed details on people who shopped there before that.
"The possibilities are so much greater now that this other information has been compromised," saidConsumer Federation of America advocate Susan Grant.
Target said it has an ongoing investigation and does not know how far back the database goes.
Be on your guard: Now that the criminals have three ways to contact you, expect to get fake phone calls, emails and letters in the mail. They'll be asking for your personal information and telling you to click on links. Don't do it, even if it looks official.
Instead, take the advice of NTT Com Security consultant Chris Camejo and go directly to the source. If a person calls you, claims to be with your bank and says you've been affected by the Target hack, hang up. Then call the bank number on your credit card to resolve the issue.
Similarly, if you get an email that seems official, don't click on any links. If it claims to be Target, just go to Target.com/databreach. Target is posting all true communication with customers there. If it claims to be your bank or anyone else, ignore the email and go straight to the Target website. Type in the address yourself.
Ditto with paper mail scams. Don't answer them.
Target has set up a phone line (866-852-8680) for customers who suspect unauthorized activity on their accounts.
In the meantime, also check your recent bank and credit card statements. Look for charges you don't recognize. Be eagle-eyed for tiny charges; criminals are known to test a stolen credit card by spending just a few cents before charging it with much more.
Sign up for fraud monitoring: This is the best way to keep an eye on your finances. In the next three months, Target is offering one year of free credit monitoring and identity theft protection to anyone who has shopped in their U.S. stores.
Review any website that keeps your credit card: The worst part about Friday's revelations is that criminals are now armed with even more information. If they have your email and credit or debit card information, they could pose as you on certain websites.
Some online services and marketplaces allow hackers to bypass your password if they know the last four digits of your payment card.