WHAT CONSUMERS CAN DO

• Take Target up on its offer of free credit monitoring and identity theft protection. According to the company’s website, more details will be available next week, including how to enroll. The sign-up period will last three months.

•Check credit card statements carefully for potentially fraudulent charges. Experts say in cases like this, the thieves often sell personal information on the black market. If you see suspicious charges, report the activity to your credit card companies and call Target at 866-852-8680. You can report cases of identity theft to law enforcement or the Federal Trade Commission (www.consumer.gov/idtheft, 877-438-4338 (IDTHEFT).

•Change email passwords and make sure that the same passwords aren’t being used for other accounts, like social media.

— Associated Press

Fallout from Target’s pre-Christmas security breach is likely to affect the company’s sales and profits well into the new year.

Target disclosed Friday that the massive data theft was significantly more extensive and affected millions more shoppers than the company reported in December. As a result of the breach, millions of Target customers have become vulnerable to identity theft, experts say.

The nation’s second largest discounter said hackers stole personal information — including names, phone numbers, and email and mailing addresses — from as many as 70 million customers as part of a data breach it discovered last month.

Target announced on Dec. 19 that about 40 million credit and debit card accounts had been affected by a data breach that happened between Nov. 27 and Dec. 15 — just as the holiday shopping season was getting into gear. As part of that announcement, the company said customers’ names, credit and debit card numbers, card expiration dates, debit card PINs, and the embedded code on the magnetic strip on the back of cards had been stolen.

According to new information gleaned from its investigation with the Secret Service and the Department of Justice, Target said Friday that criminals also took non-credit card related data for about 70 million shoppers who could have made purchases at Target stores outside the late November to mid-December timeframe.

Some overlap exists between the two data sets, the company said.

The revelations mean more than 70 million people might have had their data stolen. And when the company releases a final tally, the theft could become the largest data breach on record for a retailer, surpassing an incident uncovered in 2007 that saw more than 90 million records pilfered from TJX Cos. Inc.

The latest developments come as Target said that just this week it was starting to see sales recover from the crisis. The company, however, cut its earnings outlook for the quarter that covers the crucial holiday season and warned that sales would be down for the period.

But with the latest news, some analysts believe the breach could be a financial drag on the company for several more quarters.

“This is going to linger like a black cloud over the company’s financials for the first half of the year,” said Brian S. Sozzi, CEO & chief equities strategist at Belus Capital Advisors.

Meanwhile, New York Attorney General Eric T. Schneiderman announced that his office is participating in an investigation into the security breach. He called the latest news “deeply troubling.”

Molly Snyder, a Target spokesman, said she had no new details to share about how the data breach was conducted. The company has said only that its point-of-sale system in its U.S. stores was compromised.

“I know that it is frustrating for our guests to learn that this information was taken and we are truly sorry they are having to endure this,” Gregg Steinhafel, Target chairman, president and CEO, said in a statement.

Target investors have been largely unmoved by the company’s disclosures. Target’s stock, while volatile, has traded at about $63 since news of the breach leaked Dec. 18. It slipped just 72 cents, or more than 1 percent, to $62.62 in trading Friday.

But some observers believe the stock could get battered if consumers stay away from Target stores. Several Wall Street analysts downgraded their earnings forecasts for the retailer Friday.

Colleen McCarthy, 26, of Cleveland, Ohio, is among those avoiding Target. McCarthy used her Chase debit card at a local Target on the Friday after Thanksgiving and received a notice from Chase a few days after news of the breach first broke. The letter identified her as a potential victim of the Target breach but said, “don’t worry.” At the time, she was only somewhat concerned.

But Monday night McCarthy received a call from Chase, alerting her that someone tried to use her debit account twice in Michigan. The thief cleared $150, which caused her rent check to bounce. Chase restored the money to her account. “This has been a nightmare,” she said. “My rent check bounced. My debit card had to be canceled. And who’s to say what other people have access to my information?”

Target tried to woo scared shoppers back to stores on the last weekend before Christmas with a 10 percent discount on nearly everything in its stores. Target is also offering a year of free credit monitoring and identity theft protection to customers that shopped at its stores.