New York - Bank of New York Mellon Corp said on Thursday that a security breach involving the loss of personal information is much larger than previously reported, affecting about 12.5 million people, up from 4.5 million.

The case is the largest new reported U.S. data breach in 2008, as measured by the number of exposed records, according to the Identity Theft Resource Center.

Connecticut Gov. Jodi Rell, who announced a probe of the breach in May, in a statement said she is still pursuing a possible "substantial" fine, restitution and other remedies against Bank of New York Mellon.

Kevin Heine, a spokesman for the New York-based company, said the number of affected individuals had risen by 8 million from the 4.5 million reported earlier. Rell estimated the total number of customers that could be affected at 10 million.

According to Connecticut officials, the case stemmed from the bank's February 27 loss of six to 10 unencrypted tapes, while it was transferring back-up tapes that contained names, addresses, birth dates and Social Security numbers.

"The vast dimensions of this data breach affect not only hundreds of thousands of individuals and businesses in Connecticut, but millions across our nation," Rell said in a statement. She said the number of affected individuals grew following subpoenas that she ordered in May.

Bank of New York Mellon is the world's largest custodial bank and one of the 10 largest asset managers. It said it is notifying affected individuals, but that there remains no indication that personal data has been accessed or misused.

Brian Rogan, the bank's chief risk officer, said the bank is reviewing its security policies and procedures, and will offer affected individuals comprehensive fraud protection, including free credit monitoring.

Earlier this month, U.S. authorities charged 11 people from five countries with stealing tens of millions of credit and debit card numbers from several retailers including TJX Cos, in one of the largest identity theft schemes ever.