Millions of Carphone Warehouse customers may have had their personal details accessed after the company was hit by a cyber attack.
The mobile phone retailer said that up to 2.4 million customers could be affected by the attack, giving hackers access to names, addresses, dates of birth and bank details.
A statement released by the firm also warned that the encrypted credit card information of up to 90,000 customers may have been accessed.
Carphone Warehouse said the security breach, which happened on Wednesday, affected a division of the company that operates websites OneStopPhoneShop.com, e2save.com and Mobiles.co.uk and provides services to iD Mobile, TalkTalk Mobile, Talk Mobile and some Carphone Warehouse customers.
Sebastian James, group chief executive of Dixons Carphone, said: “We take the security of customer data extremely seriously, and we are very sorry that people have been affected by this attack on our systems.
“We are, of course, informing anyone that may have been affected, and have put in place additional security measures.”
Angry customers have taken to Twitter to vent their frustration with the security breach, some saying more should have been done to prevent the attack.
— niall@67 (@niallwhyte) August 8, 2015
#CarphoneWarehouse have put in ‘additional security measures’ since the breach in security. Why were these measures not in place before?
— Dan Harrison (@DanHar08) August 8, 2015
Carphone Warehouse said it has been contacting all customers who may have been affected to advise them on how to reduce the risk of further consequences.
The company said in a statement: “We took immediate action to secure these systems and launched an investigation with a leading cyber security firm to determine exactly what data was affected.”
Carphone Warehouse, who merged with Dixons Retailer last year to become Dixons Carphone, also own Currys and PC World.
The company said that the customer information of Currys and PC World – and the “vast majority” of Carphone Warehouse – is held on separate systems and was not accessed during the attack.