Turns out that December Target hack was a lot worse than the company had originally allowed.

Initial reports from company CEO Gregg Steinhafel suggested that the late-November, early-December hack into Target card data may have allowed the individual behind the attack access to upwards of 40 million people’s payment card information, but it appears as though that estimation was woefully low.

Today, a forensic firm confirmed to CNBC that the hack affected more like 70 million people, and didn’t simply involve the aforementioned pay information. In addition, those able to breach Target’s security lines also obtained names, mailing addresses, phone numbers, and email addresses.

The whole saga has been a huge bummer for Target’s customers, who’ve reported issues with withdrawing money from their bank accounts or putting charges on their credit cards as a result.

The store has made a few attempts to curtail the damage, recently announcing that customers affected by the hack would assume “zero liability” for costs incurred as a result.

“I know that it is frustrating for our guests to learn that this information was taken, and we are truly sorry they are having to endure this,” Steinhafel said in a statement. “I also want our guests to know that understanding and sharing the facts related to this incident is important to me and our entire target team.”

Photo via Kevin Dooley/Flickr