The bank revealed the scope of the previously disclosed breach on Thursday, saying that there was no evidence that account numbers, passwords, user IDs, birth dates or Social Security numbers had been stolen. The people affected are mostly account holders, but may also include former account holders and others who entered their contact information at the bank’s online and mobile sites, according to a bank spokeswoman.