Dixons Carphone has revealed a data breach affected 10 million personal data records, up from its original estimate of 1.2 million.
An investigation into the breach also found evidence some data may have left the retailer’s systems. Dixons Carphone insists the compromised records do not contain payment card or bank account details.
When it disclosed the breach in June, the retailer said only non-financial personal data such as names, addresses and email addresses had been accessed.
Dixons Carphone chief executive Alex Baldock said: “Since our data security review uncovered last year’s breach, we’ve been working around the clock to put it right.
“That’s included closing off the unauthorised access, adding new security measures and launching an immediate investigation, which has allowed us to build a fuller understanding of the incident that we’re updating on today.
“As a precaution, we’re now also contacting all our customers to apologise and advise on the steps they can take to protect themselves. We’re disappointed in having fallen short here and very sorry for any distress we’ve caused our customers.”
Dixons Carphone said its investigation has found “no evidence that any fraud has resulted” from the breach.
The electronics specialist is upping its investment in cybersecurity and “working intensively with leading cybersecurity experts”.
The breach is believed to have begun in 2017 and only emerged during a review of the retailer’s systems and data.
The Information Commissioner’s Office, the Financial Conduct Authority and the police were all informed on discovery of the breach. Dixons Carphone is keeping the authorities updated on the progress of its investigation, which is nearing completion.