The massive data breach suffered by credit-rating company Equifax hit more people than previously thought, the company has reported.
In September last year Equifax said it had discovered that 145 million US customers may have had their information stolen.
Its investigation into the breach has revealed that the details of a further 2.4 million Americans went astray.
Continuing analysis of stolen data had helped identify new victims, it said.
“Equifax will notify these newly identified US consumers directly, and will offer identity-theft protection and credit-file monitoring services at no cost to them,” it said in a statement.
In 2017, Equifax said an internal investigation had uncovered signs of unauthorised access to data including names, addresses and social security numbers.
And the company set up a website for people to learn if they were among those whose information had been accessed.
Equifax was widely criticised after the breach and its then chief executive publicly apologised for failing to protect information and for taking so long to let victims know their data had been compromised.
Several senior executives, including the chief executive, subsequently left the company because of the breach.
Equifax holds data on more than 820 million consumers and 91 million businesses worldwide.
It does credit checks, ID theft monitoring and offers job verification services.