The chain also indicated its sales have been hurt by the breach, cutting its forecast for fourth-quarter earnings and a key sales barometer.
Target Corp. announced in December that about 40 million credit and debit cards may have been affected by a data breach that happened between Nov. 27 and Dec. 15 - just as the holiday shopping season was getting into gear. But the net has now been cast wider, with more shoppers potentially impacted.
The company told customers Friday that its investigation of the breach has shown that personal information had also been stolen and more customers were affected.
"I know that it is frustrating for our guests to learn that this information was taken and we are truly sorry they are having to endure this," Chairman, President and CEO Gregg Steinhafel said in a statement.
The company said customers won't be liable for the cost of any fraudulent charges that stemmed from the breach.
It's also offering a year of free credit monitoring and identity theft protection to customers that shopped at its stores. Individuals will have three months to enroll in the program, which Target said it will provide more details next week.
(Also see: Target hackers stole encrypted bank PINs: Report)
Target lowered its fourth-quarter adjusted earnings guidance to a range of $1.20 to $1.30 per share, down from $1.50 to $1.60 per share.
Analysts surveyed by FactSet expect earnings of $1.24 per share.
The Minneapolis company also said that it now foresees fourth-quarter sales at stores open at least a year will be down about 2.5 percent. It previously predicted those sales would be about flat.
Target cautioned that its fourth-quarter financials may include charges related to the data breach. The chain said the costs tied to the breach may have a material adverse effect on its quarterly results as well as future periods.
Shares of Target declined 84 cents to $62.50 before the market open.