Dixons Carphone Plc said a cyberattack affected nearly 6 million payment cards as hackers sought unauthorized access to customers' personal data.
The breach was uncovered by Dixons Carphone this week, but apparently took place back in July 2017, when hackers tried to access a processing system used by its Currys PC World and Dixons Travel stores.
However, the firm said that 5.8million of the cards have chip and pin protection and that pin codes and CVV numbers were not accessed.
"We've taken action to close off this unauthorised access and though we have now no evidence of fraud as a result of these incidents, we are taking this extremely seriously", he added.
The company said it had informed the relevant authorities, including the Information Commissioner's Office, the Financial Conduct Authority, and the police.
"We are extremely disappointed and sorry for any upset this may cause", he said.
It goes on to offer the not-entirely-reassuring reassurance that it has "no evidence to date of any fraudulent use of the data as result of these incidents" before admitting the compromised information included (incomplete, in some cases) payment card data.
Reunión gobierno y CGT: ofrecen "puente salarial" del 5%
La cumbre se celebró en el Salón de los Científicos de la Casa Rosada, y se produjo en la previa a la reunión de Consejo Directivo convocada por la CGT para definir la fecha de un paro general .
However around 105,000 of the accessed cards were non-EU issued, and lacked chip-and-PIN, and it says those cards have been compromised.
In addition to payment cards, the intruders also accessed 1.2M records containing non-financial personal data - such as name, address or email address.
The ICO said it was liaising with the National Cyber Security Centre, the FCA and other agencies to determine the impact on customers.
Dixons Carphone chief exec Alex Baldock apologised to customers for the inconvenience, adding (as is standard in post-breach statements) that the company takes security seriously.
It comes after telecoms firm TalkTalk was hit by a major cyber attack in October 2015, which saw the personal data of almost 160,000 people accessed by hackers and left the firm facing a record £400,000 fine for security failings.
Dixons shares fell as much as 4.9 percent in London.
'The protection of our data has to be at the heart of our business, and we've fallen short here.