MINNEAPOLIS - Target Corp. said Friday that the thieves who accessed its data system from late November through mid-December also obtained personal information on 70 million customers, an exposure of data that’s well beyond the financial information on 40 million people it initially reported.

The company said the ongoing investigation of the breach by the Secret Service and the Department of Justice revealed that names, mailing addresses, phone numbers and email addresses were exposed, at least in partial form, to the hackers who accessed its data system.

In announcing the new details, Target said, “The theft is not a new breach.” But spokesman Molly Snyder later said the possibility exists that the personal-information exposure involves different people from the financial one.

If so, as many as 110 mil-lion people had data stolen from Target’s system from Nov. 27 to Dec. 15. The number is probably smaller, however, since there is likely overlap in the two groups.

To date, little fraud has been reported related to the breach. But since it was initially announced Dec. 19, Target has twice been forced to acknowledge that more information got out than it thought. On Dec. 27, Target said that customers’ personal-identification numbers for debit and credit cards were exposed.

“I know that it is frustrating for our guests to learn that this information was taken, and we are truly sorry they are having to endure this,” said Gregg Steinhafel, chairman, president and chief executive officer at Target. “I also want our guests to know that understanding and sharing the facts related to this incident is important to me and the entire Target team.”

In addition, the company revealed its own financial effects of the theft for the first time, saying that shoppers turned away from its stores after the breach was revealed and it expects lower sales and profits as a result.

Target said that customers would encounter “zero liability” from any damage they suffer because of the theft of Target’s data. It offered to provide free credit monitoring and identity-theft protection for customers for a year.

The retailer is already facing almost two dozen lawsuits, mostly from customers accusing the company of failing to safeguard their information.

The data breach is one of the largest involving a U.S. corporation, rivaling an episode uncovered in 2007 that saw more than 90 million credit-card accounts pilfered from TJX Cos. Inc., parent company of discount retailers T.J. Maxx and Marshalls.

Hackers in the Target theft inserted malicious software onto the point-of-sale terminals where customers swiped their credit and debit cards for payment at the end of a shopping excursion.

After it was revealed Dec. 19, customers swamped the company with phone calls seeking details, politicians criticized the company, and the Justice Department opened an investigation. Some banks temporarily imposed limits on the amounts of money that could be withdrawn from accounts that people used to pay Target.

Investors, however, have been less shaken. Target shares have been volatile but traded in a tight range of about $61.50 to $63.50 per share. The shares fell 72 cents, or 1.1 percent, to close Friday at $62.62.

In its discussion of the financial effects of the data theft, Target said that sales turned “meaningfully weaker” after the breach was revealed. It lowered its outlook for fourth-quarter comparable-store-sales revenue to a drop of 2.5 percent. It previously thought such sales would be unchanged from the year-earlier period.

Target also said it expects further charges against earnings for costs related to the breach but it could not now estimate their size and said it will close eight poorly performing stores in its 1,800-store chain.

Target tried to woo scared shoppers back to stores on the last weekend before Christmas with a 10 percent discount on nearly everything in its stores. But Customer Growth Partners LLC, a retail consultancy, estimated that the number of transactions at Target fell 3 percent to 4 percent on the Saturday before Christmas, compared with a year ago.

“You have violated that person’s trust. And it’s going to take time to regain that trust,” said Brian Sozzi, CEO and chief equities strategist of Belus Capital Advisors.

Target’s Friday statement comes at the end of a week of bad news from U.S. retailers, with many saying that Christmas sales fell below expectations. Specialty stores such as Bed Bath & Beyond, American Eagle Outfitters and Pier 1 Imports all told investors to expect lower-than-expected results, and Sears Holding Corp. late Thursday said it expected to report a net loss for the latest period.

Target said that it now expects its fourth-quarter profit to be in a range of $1.20 to $1.30 a share, down from its previous expectation of $1.50 to $1.60 a share.

Executives said the company’s sales were doing better than they expected before the data breach was revealed on Dec. 19.

In addition to the potential costs of the data breach, Target said its fourth-quarter performance would be weakened by expenses related to closing eight stores, some real estate costs and some costs related to its expansion in the Canadian market this year, where it opened more than 100 stores.

Target is closing two stores in Nevada, two in Ohio, and one each in Florida, Georgia, Illinois and Tennessee.

The company has 1,921 stores, with 1,797 locations in the U.S. and 124 in Canada.

Information for this article was contributed by Evan Ramstad and Thomas Lee of the Star Tribune; by Anne D’Innocenzio and Michelle Chapman of The Associated Press; and by Lindsey Rupp of Bloomberg News.

Front Section, Pages 1 on 01/11/2014