Target's revelation Friday morning that data thieves accessed customers' names, home addresses, phone numbers and email addresses increases the likelihood that the theft was an inside job, a fraud analyst said Friday afternoon.

This additional identity information — stolen from possibly an additional 70 million Target customers — is not stored on the point-of-sale devices used to access the payment card data, said Avivah Litan, a fraud analyst at information technology firm Gartner. And the fact that the thieves gained access to a second data source suggests they had the help of an insider.

“It definitely strengthens the case that this was someone embedded in the organization,” Litan said. “Someone had inside knowledge, whether it was an insider, or an outsider working with an insider.”

Retailers and third-party consumer data firms often store this type of information in massive databases, either for marketing purposes or for customer loyalty programs. Because Target is reporting the theft itself, it was likely stolen from one of its own databases, Litan said.

She added that this insider didn't necessarily need to be a Target employee — contractors also have access to many retailers' customer information databases.

The company had said about 40 million accounts were compromised during the holiday shopping season, with card numbers, expiration dates, customer names, embedded security codes and encrypted personal identification numbers, or PINs.

Litan said this latest revelation also raises the stakes for consumers affected by the breach, because it makes them more vulnerable to fraud.

Litan said the only way consumers can be certain that they're speaking with someone from their bank is to call the bank themselves. That goes for Target representatives, too.

“People are trained to be suspicious of emails, but they have to be suspicious of phone calls, too,” she said. “Don't trust anyone. That's basically all you can do.”