The Anthem cyber attack that may have left vulnerable the information of as many as 78.8 million people also may have included millions of non-customers, the health insurer said.
The country's second-largest health insurer said anywhere from 8.8 to 18.8 million people who are members of other Blue Cross Blue Shield plans, and used their insurance in the past decade in a state where Anthem operates, are included in the estimate of people who may have been victimized.
Anthem's estimate includes 14 million incomplete member records, according to a statement from the company.
"While Anthem is not able to match incomplete records to a specific member, it does have valid mailing addresses for some of these records. Anthem will distribute member notifications to the valid address on file as part of its effort to notify every potentially impacted member," a spokesperson told ABC News in an email.
When Anthem first discovered the hack on Jan. 29, the company immediately notified members and the FBI that customer data including "names, birthdays, medical IDs/social security numbers, street addresses, email addresses and employment information, including income data," may have been exposed.
Anthem is offering those impacted by the cyber attack free identity protection services for two years and has further outlined details on a website dedicated to the crisis, AnthemFacts.com.
"Hacks like this are unfortunately commonplace," Robert Siciliano, an online safety expert to Intel Security, told ABC News after the attack. "The fact that it involves social security numbers puts the consumer at a greater risk, since a social can't be changed forever."
Siciliano said he recommends everyone -- not just those affected by the hack -- immediately ask the three nationwide credit bureaus to freeze their information so new lines of credit can not be opened unless a user thaws their credit.
A small fee may apply in some cases, however Siciliano said instituting a freeze is a vital layer of protection that gives consumers "complete control" over their credit.
William Pelgrin, CEO of Center for Internet Security, also underscored the importance of getting a credit freeze and advised consumers to be vigilant of their bank accounts -- even months after the hack when you may think you're safe.
"Check your bank, credit card and other account statements for any unusual activity," he told ABC News earlier this month. "The criminals might not try to access your account for several months or more, attempting to avoid detection during the time of high profile attention to the breach."
For more information on how to get a credit freeze, check out this checklist from the Federal Trade Commission.