Electronics retailer Dixons Carphone has suffered a massive data breach, with attackers accessing 5.9 million customer payment-card details and a further 1.2 million records containing personal information.
In a second breach, personal data such as name, address or email addresses, have been accessed.
The company said in a statement: Our investigation is ongoing and now indicates that there was an attempt to compromise 5.9 million cards in one of the processing systems of Currys PC World and Dixons'.
"We've taken action to close off this unauthorised access and though we have now no evidence of fraud as a result of these incidents, we are taking this extremely seriously".
The group is contacting all those affected, but sought to assure customers it had no evidence that this had resulted in fraud at this stage.
About 5.8 million cards affected had chip-and-PIN protection, the company said, and the data accessed for these cards do not include the personal identification codes or other authentication data enabling cardholders to be identified or purchases to be made.
"We are extremely disappointed and sorry for any upset this may cause", said Chief Executive Alex Baldock.More news: Dancing FBI agent facing charges in accidental shooting
More news: Federal judge temporarily blocks deportation of pizza worker
More news: Kate Middleton perfected summer style in a $70 Zara dress
Dixons Carphone said it had immediately notified the relevant card companies so that they could protect customers.
It said it had called in cyber experts and added extra security to its systems following the breach, while also since calling in the police and relevant authorities.
In a press release, the retailer revealed 5.9 million card records were compromised. "We have no evidence to date of any fraudulent use of the data as result of these incidents".
"The NCSC website offers advice to organisations about ensuring their online security is as robust as possible, including guidance on protecting bulk personal data from cyber attack", they added.
In 2016 the ICO fined broadband provider TalkTalk 400,000 pounds for security failings that allowed hackers to launch a cyber-attack in 2015.
Dixons Carphone said it had no evidence that any of the cards had been used fraudulently following the breach.
Others compared the Dixons Carphone breach to the compromise of U.S. retailer Target in arguing lessons have not been learned.