The massive data breach suffered by credit-rating company Equifax hit more people than previously thought, the company has reported.
In September last year Equifax said it had discovered that 145 million US customers may have had their information stolen.
Its investigation into the breach has revealed that the details of a further 2.4 million Americans went astray.
Continuing analysis of stolen data had helped identify new victims, it said.
“Equifax will notify these newly identified US consumers directly, and will offer identity-theft protection and credit-file monitoring services at no cost to them,” it said in a statement.
Equifax made the announcement on the same day that it reported its full-year earnings.
The firm said the breach cost more than $114m last year, after insurance payouts, but the company’s profits remained healthy, helped by a strong performance in its international business and new tax cuts that the US approved last year.
The firm reported $587.3m in profits last year, up 20% from 2016. In the fourth quarter, profits were $172.3m, rising 40% compared to the same period in 2016.
In 2017, Equifax said an internal investigation had uncovered signs of unauthorised access to data including names, addresses and social security numbers.
And the company set up a website for people to learn if they were among those whose information had been accessed.
Equifax was widely criticised after the breach and its then chief executive publicly apologised for failing to protect information and for taking so long to let victims know their data had been compromised.
Several senior executives, including the chief executive, subsequently left the company because of the breach.
Equifax holds data on more than 820 million consumers and 91 million businesses worldwide.
It does credit checks, ID theft monitoring and offers job verification services.