Target: Data stolen from up to 70 million customers

• Ongoing investigation finds up to 70M more people affected than originally reported
• Announcement comes amid news of disappointing holiday sales
• Target will close eight stores this year

The massive data breach at Target over the holiday season is potentially much worse than the retailer first reported, with up to 70 million more customers affected.

Target, which averages 30 million customers a week, said Friday that an ongoing investigation found that "the stolen information includes names, mailing addresses, phone numbers or e-mail addresses for up to 70 million individuals."

"I know that it is frustrating for our guests to learn that this information was taken, and we are truly sorry they are having to endure this," Target CEO Gregg Steinhafel said in a press release.

In December, the retailer disclosed that data thieves hacked 40 million accounts, stealing encrypted PIN data, customer names, credit and debit card numbers, card expiration dates and the embedded code on the magnetic strip on the back of cards used at Target between Nov. 27 and Dec. 15.

There may be overlap in customers who had both personal identification information stolen as well as credit and debit card data, but Target doesn't know to what extent, says spokeswoman Molly Snyder. It remains unclear just how many individuals are affected and how.

The additional stolen data may increase the threat of identity theft, said Greg McBride, senior financial analyst at Bankrate.com.

"For somebody to actually go out and open credit in your name, it's pretty tough to do if they don't have your Social (Security number)," he said. "But if they have your Social and have all this other stuff too, it compounds the problem."