The company also said it wasn't just credit card and pin numbers taken. According to new information gleaned from its investigation with the Secret Service and the Department of Justice, Target discovered that non-credit card related data - like names, addresses, phone numbers and email addresses - were also stolen by hackers.
"I know that it is frustrating for our guests to learn that this information was taken and we are truly sorry they are having to endure this," said Gregg Steinhafel, Target chairman, president and CEO, in a statement.
The chain also indicated its sales have been hurt by the security breach, cutting its forecast for fourth-quarter earnings and a key sales barometer.
In December, the retail giant announced that about 40 million credit and debit cards may have been affected by the breach that happened between Nov. 27 and Dec. 15. But the net has now been cast wider, with more shoppers potentially impacted.
The theft from Target's databases is the second largest data breach on record, rivaling an incident uncovered in 2007 that saw more than 90 million credit card accounts pilfered from TJX Cos. Inc.
Target said customers won't be liable for the cost of any fraudulent charges that stemmed from the breach.
Target is also offering a year of free credit monitoring and identity theft protection to customers that shopped at its stores. Individuals will have three months to enroll in the program, which Target said it will provide more details next week.
Customers who see suspicious charges on their statements were advised to report them to their credit card companies and call Target at (866) 852-8680.
The Associated Press contributed to this report.