Target's massive security breach late last year could have been even more extensive, the company warned Friday. “Our investigation of the matter is ongoing and it is possible that we will identify additional information that was accessed or stolen, which could materially worsen the losses and reputational damage we have experienced,” the retail giant said in an SEC filing. Target has said so far that more than 40 million customer credit and debit card records were stolen, as were 70 million other customer records, in the enormous holiday season cyberattack. Congress is still probing the hack, and credit card companies are pushing for better security. The store also faces a raft of litigation from customers and from banks that want to be reimbursed for the millions they had to spend to replace customers' cards.