Retailer Dixons Carphone announced on Wednesday it had uncovered a major breach involving millions of people's data.
The company said in a statement: Our investigation is ongoing and now indicates that there was an attempt to compromise 5.9 million cards in one of the processing systems of Currys PC World and Dixons'. The company says there's no evidence of fraudulent activity, but those affected have been notified.
It's also been keen to stress that it has found no evidence of fraud taking place due to the breach, and that includes the 1.2 million personal records containing names, addresses, and emails.
The company says it has informed the ICO and the police of the attack.
"The protection of our data has to be at the heart of our business, and we've fallen short here", said Alex Baldock, chief executive of Dixons Carphone.
"We've taken action to close off this unauthorised access and though we have now no evidence of fraud as a result of these incidents, we are taking this extremely seriously", he added.
Putin dismisses G7 criticism as 'babbling', calls for cooperation
Russian President Vladimir Putin says counterterrorism efforts are a priority for a regional grouping led by Moscow and Beijing. Putin, in China for an global conference, did not address the sanctions, but instead focused on Trump's goodwill.
Sane, Leno dropped from Germany squad
Goalkeepers: Manuel Neuer (C), Kevin Trapp and Marc-Andre ter Stegen. " The decisions I and my coaches had to make were not easy ".
Some Americans say friendly ties with Canada will persist despite Trump tirades
Both aides accused Trudeau of betraying Trump, a Republican, at a news conference held after the US president had departed Canada.
Last month, the retailer forecast that earnings this year will slump about 21 percent as it closes mobile-phone stores in a contracting United Kingdom household-electronics market.
Because the data breach dates back to previous year it will be dealt with by the ICO under the powers of the Data Protection Act 1998 and not the European Union General Data Protection Regulation (GDPR) which went into effect on May 25. But around 105,000 non-EU issued payment cards were compromised. It said since the 2015 attack it had worked extensively with cyber security experts to upgrade its security systems.
The company does not reveal when its systems were compromised; nor exactly when it discovered the intrusion; nor how long it took to launch an investigation - writing only that: "As part of a review of our systems and data, we have determined that there has been unauthorised access to certain data held by the company".
"The National Cyber Security Centre is working with Dixons Carphone plc and other agencies to understand how this data breach has affected people in the United Kingdom and advise on mitigation measures", an NCSC spokesperson told ZDNet.
They claim stolen data is not believed to have left internal systems, but are advising customers to take protective steps anyway.