The owner of Dixons and Carphone Warehouse today revealed hackers grabbed the details of 5.9million customers cards and 1.2million personal records.
The major data breach involved shoppers at Currys PC World and Dixons Travel but bosses insist there is no sign of any related fraud.
Access was also gained to non-financial personal data, such as addresses, names and email information.
It comes just months after the company was fined £400,000 for a 2015 cyber attack which exposed the personal data of more than three million customers.
Retailer Dixons Carphone has become the latest victim of a cyber attack after revealing 5.9 million customer bank card details and 1.2 million personal data records were hacked
The retailer said there was a likely attempt to compromise millions of cards in a processing system for Currys PC World and Dixons Travel stores.
The retailer said 5.9million of the payment cards targeted were protected by chip and Pin, but that around 105,000 non-EU cards without chip and Pin protection were compromised.
The company is urging customers to take protective measures, but said there is no evidence of fraud on the cards at this stage.
It said the data accessed did not contain Pin codes, card verification values (CVV) or any authentication data allowing cardholder identification or a purchase to be made.
The group added it did not believe the personal data accessed had left the group’s systems.
The hack could lead to the company becoming the latest to be fined by the information commissioner, after Yahoo were fined £250,000 over a breach involving 500,000 UK customers and TalkTalk were hit with a £400,000 after 150,000 customers’ details were accessed.
The breach included details of 5.9 million payment cards and 1.2 million personal data records
Dixons Carphone chief executive Alex Baldock said: ‘We are extremely disappointed and sorry for any upset this may cause.
‘The protection of our data has to be at the heart of our business, and we’ve fallen short here.
‘We’ve taken action to close off this unauthorised access and though we have currently no evidence of fraud as a result of these incidents, we are taking this extremely seriously.
‘We are determined to put this right and are taking steps to do so; we promptly launched an investigation, engaged leading cyber security experts, added extra security measures to our systems and will be communicating directly with those affected.’
Dixons breach is latest in a series of hacking attacks on British firms
News of the Dixons hack comes the day after Yahoo‘s British arm was fined £250,000 for taking two years to tell half a million users that their personal information had been harvested by hackers.
Globally the personal data of 500million international customers was taken, including more than 515,000 in Britain during the breach in 2014.
But it took the web giant two years to publicly admit this – meaning that users of the popular email service were in the dark for years.
Last night, the Information Commissioner’s Office (ICO) accused the company of failing to take ‘technical and organisational measures’ to protect the data of 515,121 customers.
Hackers have repeatedly targeted British companies to access customers’ data
It emerged last year that around 400,000 people in the UK may have had their information stolen following a cybersecurity breach at the credit monitoring firm Equifax.
The US company said an investigation had revealed that a file containing UK consumer information ‘may potentially have been accessed’.
The data included names, dates of birth, email addresses and telephone numbers, but not not addresses, passwords or financial information, the company said.
In 2016, TalkTalk was hit with a record £400,000 fine for the security failings that led to the company being hacked in October 2015.
The Information Commissioner’s Office said the attack ‘could have been prevented if TalkTalk had taken basic steps to protect customers’ information’.
More than 150,000 people of the internet service provider had personal information access, including sensitive financial data of more than 15,000 customers.