Dixons Carphone has admitted that around 10 million records containing personal data of customers may have been accessed during a major cyber attack in 2017.
The retailer has been investigating the breaches since it first revealed them in June, with the probe now nearing completion.
At the time, Dixons Carphone said hackers were able to gain access to 5.9 million payment cards and 1.2 million personal data records – but has now revised that figure to approximately 10 million.
In a London Stock Exchange statement, the company reassured customers and shareholders that the records “do not contain payment card or bank account details and there is no evidence that any fraud has resulted”.
Chief executive Alex Baldock apologised for “any distress we’ve caused our customers” and said he was “disappointed in having fallen short here”.
“Since our data security review uncovered last year’s breach, we’ve been working around the clock to put it right,” he said.
“That’s included closing off the unauthorised access, adding new security measures and launching an immediate investigation, which has allowed us to build a fuller understanding of the incident that we’re updating on today.
“As a precaution, we’re now also contacting all our customers to apologise and advise on the steps they can take to protect themselves.”