Up to 2.4 million customers of the British phone retailer Carphone Warehouse may have had their personal information stolen after a "sophisticated cyber attack", the company said on Saturday.
The encrypted credit card data of up to 90,000 customers may have also been accessed, the company said in a statement to BuzzFeed News.
"We and our partners are contacting all those customers who may have been affected to inform them of the breach and to give them advice to reduce any risk and minimise inconvenience," the company press release said.
The stolen personal data may include the names, addresses, dates of birth, and bank details of customers.
According to Carphone Warehouse, the company discovered on Wednesday that the IT systems of one of its UK divisions had been breached. "This division operates the websites OneStopPhoneShop.com, e2save.com, and Mobiles.co.uk, and provides a number of services to iD Mobile, TalkTalk Mobile, Talk Mobile, and to certain customers of Carphone Warehouse," the company said.
The three sites were all down as of Saturday afternoon.
"We took immediate action to secure these systems and launched an investigation with a leading cyber security firm to determine exactly what data was affected," the company said.
Sebastian James, the CEO of Carphone Warehouse's parent company, Dixons Carphone, said additional security measures had been put in place to prevent further attacks.
"We take the security of customer data extremely seriously, and we are very sorry that people have been affected by this attack on our systems," James said.
David Mack is a reporter and weekend editor for BuzzFeed News in New York.
Contact David Mack at email@example.com.
Got a confidential tip? Submit it here.