Target Corp. said Friday that up to 70 million individuals had personal information stolen as part of the retailer’s recent data breach, indicating a far greater impact than previously revealed.

The company said those 70 million people were separate from the approximately 40 million credit and debit card accounts previously reported as compromised, though there was some overlap.

Target said the stolen personal information included names, mailing addresses, phone numbers or email addresses. Still, the retailer stressed that the theft isn’t a new breach but was uncovered as part of its continuing investigation.

The retailer also said Friday that news of the breach hurt its holiday sales, which were going better than expected before the company disclosed the breach on Dec. 19.

The company had said the data breach, which ran from Nov. 27 and Dec. 15, involved malicious software installed in the systems where cards are swiped at cash registers. In late December, the company added that encrypted debt card PIN data also was stolen in the breach.

Target said Friday that much of the data stolen is “partial in nature,” but in the cases where Target has an email address, the company will attempt to contact affected individuals with tips for guarding against consumer scams and other information.

“I know that it is frustrating for our guests to learn that this information was taken, and we are truly sorry they are having to endure this,” Chief Executive Gregg Steinhafel said.

Target added that consumers will have “zero liability” for the costs of any fraudulent charges arising from the breach.

The retailer Friday also lowered its outlook for the fourth quarter, projecting adjusted per-share earnings in its U.S. segment of $1.20 to $1.30, down from the prior guidance of $1.50 to $1.60. It now expects same-store sales to drop about 2.5 percent, versus its prior view of flat sales.

Target said its sales for the quarter were “meaningfully weaker-than-expected” since the data breach was disclosed, but sales have shown improvement in recent days. Before the announcement, sales had been stronger than expected, the company said.

The retailer added that it wasn’t able to provide an update to its fourth-quarter unadjusted earnings guidance but that the period may include charges related to the data breach.

Chief Financial Officer John Mulligan said the company’s top priority now in light of the breach is “taking care of our guests and helping them feel confident in shopping at Target.” He added that the retailer is “disappointed” in its 2013 performance.

Target, along with the Secret Service, the U.S. Justice Department and a forensic unit of Verizon Communications Inc., continue to investigate the breach.

The breach came at a difficult time for Target, which at its last earnings report in November said it was expecting mostly flat sales through the critical holiday period. In an effort to lure customers back to stores after the breach, Target offered a 10 percent discount to U.S. shoppers during the last weekend before Christmas.

BREACHES AT A GLANCE

Target has reported two separate data breaches. Here’s what thieves stole in each, according to Target:

INITIAL BREACH, affecting up to 40 million customers who shopped at a U.S. Target store between Nov. 27 and Dec. 15:

— Credit or debit card number

— Encrypted debit card PINs, or personal identification numbers

— Security code encoded in the card (not the three-digit security code often printed on the back).

— Name of the customer

— Card’s expiration date

SEPARATE BREACH, affecting 70 million customers, which Target disclosed Friday. There is some victim overlap with the previously reported breach.

— Mailing addresses

— Phone numbers

— Email addresses

— Names

— Target said “much of the (stolen) data is partial in nature.”