US retailer Home Depot has revealed that the high-profile credit card hack which struck the firm earlier in the year, also resulted in the theft of 53 million email addresses.
It confirmed that attackers used a vendor's username and password to access the store's network.
The hack took place between April and September and resulted in the theft of 56 million debit and credit card details, making it one of the largest data breaches on record.
Home Depot has sought to reassure customers affected by the breach, stressing that no other sensitive information or passwords were stolen along with the email listings. However, it did emphasise that customers should be extra vigilant against any phishing attacks.
According to the BBC, the company is also offering credit monitoring to all affected consumers in the US and Canada.
Home Depot has said that it is still investigating the data breach, which follows a number of attacks on other retail firms across the US.
Target suffered a high-profile attack in December 2013, resulting in the loss of payment data from as many as 70 million customers.
The rise of in-store mobile payments also means that the retail environment could become a fruitful ground for hackers. Industry experts have suggested that larger retailers in particular need to take a more proactive approach to preventing cybercrime, with stores such as Staples, Dairy Queen and Kmart all suffering attacks in the past year.