Dixons Carphone says a data breach in 2017 was worse than originally thought and it affected 10 million customers.
The firm also admitted that it has uncovered evidence that some of the data that was accessed may have been taken from its systems.
It has assured customers that pin codes, card verification values and authentication data that could be used to make purchases have not been accessed and there is no evidence any fraud has resulted.
The huge breach first came to light in June when Dixons Carphone revealed hackers had accessed 5.9 million payment cards used at Currys PC World and Dixons Travel, and 1.2 million personal data records.
Biggest data breaches of the last 20 years. It meant that personal information belonging to millions of customers including their names, addresses and email details was vulnerable.
Dixons Carphone again apologised to customers for the breach as it announced on Tuesday that the breach affected about 10 million customers.
It said in a statement on Tuesday: “Our investigation, which is now nearing completion, has identified that approximately 10 million records containing personal data may have been accessed in 2017.
While there is now evidence that some of this data may have left our systems, these records do not contain payment card or bank account details and there is no evidence that any fraud has resulted.
We are continuing to keep the relevant authorities updated. Hacker As a precaution, we are choosing to communicate to all of our customers to apologise and advise them of protective steps to minimise the risk of fraud.
As we indicated previously, we have taken action to close off this access and have no evidence it is continuing.
Dixons Carphone Chief Executive Alex Baldock said: “Since our data security review uncovered last year’s breach, we’ve been working around the clock to put it right.
That’s included closing off the unauthorised access, adding new security measures and launching an immediate investigation, which has allowed us to build a fuller understanding of the incident that we’re updating on today.
Again, we’re disappointed in having fallen short here, and very sorry for any distress we’ve caused our customers. I want to assure them that we remain fully committed to making their personal data safe with us.
Dixons Carphone is contacting the affected customers to inform them, apologise and give them advice on protective steps to take.