The world's largest home improvement chain Home Depot has revealed about 53 million more email addresses were taken during a recent breach of its payment data systems.
In September, the company said some 56 million payment cards, including email details, were likely stolen in an attack on its systems.
The company's announcement today means the data breach was similar in scale to last year's attack on US retailer Target.
Home Depot said the stolen files that contained the additional email addresses did not include passwords, payment card information or other sensitive personal information.
Criminals used a third-party vendor's user name and password to enter the perimeter of its network, Home Depot said in a statement.
The hackers then acquired elevated rights that allowed them to navigate parts of Home Depot's network and to deploy unique, custom-built malware on its self-checkout systems in the US and Canada.
Home Depot said its investigation, along with law enforcement and efforts to boost its security, was ongoing.
Since September, the company has implemented enhanced encryption of payment data in all US stores and said the rollout to Canadian stores will be completed by early 2015.
Home Depot also reaffirmed its previous 2014 sales growth forecast of about 4.8 percent. Its shares closed up 1.6 percent at US$97.29 per share