Credit report company Equifax has admitted that 2.5 million more Americans than previously thought were potentially affected by a cyber attack that breached its systems.
It takes the total number of people who had their personal information compromised to 145.5 million.
The hack, first disclosed last month, compromised a wealth of personal data including names, birthdays, addresses and social security numbers – as well as credit card numbers for more than 200,000 people.
US-based Equifax is understood to hold the data of 44 million customers in the UK but has not disclosed how many were potentially affected.
Customers of companies including BT and Capital One are believed to have been among them. The data breach ran between mid-May and 29 July.
Equifax said a forensic analysis of the event carried out by a cybersecurity firm had now completed.
It said: “The forensic investigation related to United Kingdom consumers has been completed and the resulting information is now being analysed in the United Kingdom.
“Equifax is continuing discussions with regulators in the United Kingdom regarding the scope of the company’s consumer notifications as the analysis of the completed forensic investigation is completed.”
The update late on Monday also saw Equifax downgrade the number of Canadian citizens who may have been affected, previously estimated at up to 100,000, to about 8,000.
It came as former chief executive Richard Smith – who stepped down in the weeks after the breach was disclosed – prepared to face a US congressional hearing.
In prepared remarks ahead of the hearing, he said: “To each and every person affected by this breach, I am deeply sorry that this occurred.”
Equifax also faces several state and federal inquiries in the US and a number of civil lawsuits.
In the UK, the Information Commissioner’s Office has said it is investigating.