As Target issued a fourth-quarter update Friday, it also came to light that the credit- and debit-card breach at the retailer has entered a much more serious phase.

As part of its ongoing forensic investigation into the data breach involving consumer credit and debit cards in its U.S. stores, Target said it has discovered that certain guest data separate from the credit card information was also stolen. The number of potentially affected consumers has grown from the 40 million who shopped at Target between Black Friday and Dec. 15. to as many as 70 million. Target said many may have had their names, mailing addresses, e-mail addresses and/or phone numbers taken. Experts said not all impacted consumers are necessarily Target shoppers; the Minneapolis-based retailer might have purchased lists from other retailers to further its marketing efforts. 

Adam Levin, cofounder and chairman of Identity Theft 911 and, said identity thieves “have gotten into what appears to be the Target database. This is a whole different magnitude than what we were dealing with before. Once you get to names, addresses, e-mail addresses and phone numbers, it brings it into a much more dangerous zone.”

The payment card incident has taken a toll on Target’s business. Since Target announced the data theft on Dec. 19, sales have been meaningfully weaker, the retailer said. Same-store sales declined 2 percent to 6 percent for the remainder of the quarter.

“We know it’s frustrating for our guests to know that this information was taken and we are truly sorry they are having to endure this,” said Gregg Steinhafel, chairman, president and chief executive officer of Target. He said Target is offering one year of free credit-card protection and identity-theft monitoring services.

Target updated its fourth-quarter outlook on Friday. In its U.S. segment, Target expects fourth-quarter 2013 adjusted earnings per share of $1.20 to $1.30, compared with prior guidance of $1.50 to $1.60. This outlook anticipates a fourth-quarter 2013 comp-store sales decline of about 2.5 percent, compared with prior guidance of approximately flat comp-store sales. Third-quarter EPS on a GAAP basis may include charges related to the breach. Prior to the Dec. 19 announcement, Target was experiencing stronger-than-expected fourth-quarter sales.

Target will close eight U.S. stores in May in West Dundee, Ill.; Las Vegas; North Las Vegas; Duluth, Ga.; Memphis; Orange Park, Fla., and Middletown and Trotwood, Ohio. GAAP results are expected to include 5 cents to 10 cents of dilution related to the closings. Eligible employees will be offered similar positions at nearby Target locations.

The retailer said it expects 45 cents of dilution related to Target’s Canadian segment, compared with prior guidance of 22 cents to 32 cents of dilution, driven by the gross margin impact of efforts to clear excess inventory.

“Breaches are inevitable,” Levin said. “We overshare. Big data is everywhere. The more information that’s collected, the more vulnerable we really are.”