This story has been updated.

Target Corp., the second-largest U.S. discount retailer, cut its U.S. unit's fourth-quarter forecast and said the recent security breach affected more people and more information than previously thought was taken.

Names, home and e-mail addresses for as many as 70 million people were taken, the Minneapolis-based company said today in a statement. That information is in addition to the credit- and debit-card data of 40 million accounts that Target previously said was stolen. Molly Snyder, a spokeswoman, said today in an interview said that while it is likely the two groups of victims overlap, Target doesn't yet know the extent, and it is possible they are distinct.

Target is trying to keep customers' loyalty after data from shoppers' cards was stolen while they made purchases in stores from Nov. 27 to Dec. 15. The breach came during retailers' most important season of the year and at a time when many consumers already were restraining purchases. While Target said it couldn't estimate the costs of the breakdown, it said they may have a material adverse effect on fourth-quarter results.

Sales at the U.S. unit were "meaningfully weaker" after the data theft was disclosed, the company said. U.S. same-store sales will fall about 2.5 percent in the quarter through January, compared with an earlier projection they would be little changed. Adjusted earnings per share will be $1.20 to $1.30 for the division, down from a previous estimate of at least $1.50.

Target dropped 0.6 percent to $62.96 at 9:20 a.m. in New York. The shares rose 6.9 percent last year, compared with a 30 percent increase for the Standard & Poor's 500 Index.

The company also said it would close eight U.S. stores on May 3. The locations affected are in Illinois, Nevada, Georgia, Tennessee, Florida and Ohio. Employees will be offered transfers to nearby stores. Each store has about 70 to 125 workers, and while the "vast majority" of workers choose to take positions, Target doesn't know how many will do so, Snyder said.

The breach occurred when a computer virus infected Target's point-of-sale terminals where shoppers swipe a credit or debit card to make a purchase, a person familiar with the matter said last month. The person asked not to be identified because the investigation is private.

The retailer is already facing almost two dozen lawsuits, mostly from customers accusing the company of failing to safeguard their information.

The U.S. Secret Service said it was investigating the breach, along with two states' attorneys general.

Subscribe Now

Authoritative analysis and perspective for every segment of the payments industry

14-Day Free Trial

Authoritative analysis and perspective for every segment of the industry