Dixons Carphone has confirmed there has been unauthorised access of data held by the company including details of 5.9 million payment cards and 1.2 million personal data records.
Access was also gained to non-financial personal data, such as addresses, names and email information.
The retailer said there was a likely attempt to compromise millions of cards in a processing system for Currys PC World and Dixons Travel stores.
It said relevant card companies had been notified, but added there was no evidence of fraud on the cards as a result of this incident.
The group is contacting all those affected, but sought to assure it had no evidence that this had resulted in fraud at this stage.
The retailer said 5.8 million of the payment cards targeted were protected by chip and Pin, but that around 105,000 non-EU cards without chip and Pin protection were compromised.
Dixons Carphone chief executive Alex Baldock said: ‘We are extremely disappointed and sorry for any upset this may cause.
‘The protection of our data has to be at the heart of our business, and we’ve fallen short here.
‘We’ve taken action to close off this unauthorised access and though we have currently no evidence of fraud as a result of these incidents, we are taking this extremely seriously.
‘We are determined to put this right and are taking steps to do so; we promptly launched an investigation, engaged leading cyber security experts, added extra security measures to our systems and will be communicating directly with those affected.’
The news comes days after Yahoo’s UK arm was fined £250,000 ($335,000) by the UK Information Commissioner’s Office (ICO) over a data breach affecting more than 500 million users which took place in 2014.