Carphone Warehouse revealed over the weekend that a data breach may have exposed the personal details of up to 2.4 million customers.
The U.K.-based retailer sells devices and mobile service plans from major operators, and owns an MVNO called iD.
In a statement on Saturday, Carphone Warehouse said it suffered "a sophisticated cyber-attack" on 5 August, during which personal data, including the name, address, date of birth and bank details of affected customers "may have been accessed."
Encrypted credit card data of up to 90,000 customers may have also been accessed, the company said.
"We are very sorry that people have been affected by this attack on our systems. We are, of course, informing anyone that may have been affected, and have put in place additional security measures," said Sebastian James, CEO of Dixons Carphone, Carphone Warehouse’s parent company.
Hackers accessed information stored by a division of Carphone Warehouse that operates online mobile phone Websites. The sites in question are OneStopPhoneShop.com, e2save.com, and Mobiles.co.uk.
The division also provides services to iD, TalkTalk Mobile, Talk Mobile – an MVNO – and to "certain customers of Carphone Warehouse," the company said.
"We took immediate action to secure these systems and launched an investigation with a leading cyber security firm to determine exactly what data was affected. We have also put in place additional security measures to prevent further attacks," said Carphone Warehouse.
