Hackers who attacked Home Depot had stolen 53 million email addresses from the US retailer's database in addition to customers' payment card data, the company said.
Following weeks of investigation into the matter, the world's largest home improvement chain noted that hackers accessed separate files containing email addresses, but the files did not contain passwords, payment card information or other sensitive personal information.
Accessing Home Depot's network via a third-party vendor's user name and password, the criminals acquired elevated rights and deployed a custom-built malware on its self-checkout systems in the US and Canada, the company said, based on its investigation.
It has since eliminated the malware from its systems.
Home Depot added that it is notifying affected customers in the US and Canada, and warned customers against phishing scams, which are designed to trick customers into providing personal information.
"The Home Depot's investigation, cooperation with law enforcement and efforts to further enhance its security measures are ongoing," the company said.
In September, the retailer confirmed that nearly 56 million payment cards were likely compromised in a five-month-long cyber attack on its payment terminals. It estimated costs of $62m (£38n, €48m) from the attack, but hinted that expenses could rise.
A number of US retailers have recently become victims of sophisticated hacking attacks.
In April, America's largest arts and crafts retailer, Michaels Stores, reported a security breach. The firm said that about 2.6 million customer credit and debit cards used at its stores may have been affected in the breach.
The firm also said that its subsidiary Aaron Brothers had been attacked, exposing information on an additional 400,000 cards.
In January, retailer Neiman Marcus revealed that it had been a victim of a cyber attack.
Retailer Target suffered costs of $148m related to its data breach, after hackers stole at least 40 million credit and debit cards numbers.