A statement from parent firm Dixons Carphone said names, addresses, dates of birth and bank details may be among the information in the security breach.
It said encrypted credit card data of up to 90,000 customers may also have been accessed in the hack on 5 August.
The division affected operates the websites OneStopPhoneShop.com, e2save.com and Mobiles.co.uk.
Sky News reports that all of the sites were down on Saturday afternoon.
The attacked division also provides a number of services to iD Mobile, TalkTalk Mobile, Talk Mobile, and to certain customers of Carphone Warehouse, the statement said.
The company said the vast majority of Carphone Warehouse customer data and that of Currys and PCWorld is held on separate systems and was not accessed during the attack.
It described the cyber attack as “sophisticated” and said a leading cyber security firm had been drafted in to work out what information had been compromised.
Sebastian James, Group Chief Executive of Dixons Carphone, said: “We take the security of customer data extremely seriously, and we are very sorry that people have been affected by this attack on our systems.
“We are, of course, informing anyone that may have been affected, and have put in place additional security measures.”
It is understood the data breach may have occurred up to two week before it was discovered on Wednesday.
The company said it aims to contact all 2.4 million customers affected by the end of Saturday.
A letter sent to customers of Mobiles.co.uk said: “To reduce the risk of fraudulent activity, we recommend that you consider taking the following steps: Notifying your bank and credit card company, so that they can monitor activity on your account. Checking for suspicious or unexpected online or account activity. Be careful of anyone calling asking for personal information, bank details or passwords. You can check your credit rating to make sure no one has taken out loan and credit in your name.”
Phone and telecommunications retailer Carphone Warehouse merged with the high street electrical store Dixons to make Carphone Dixons in 2014.
The Carphone Warehouse data breach is just the latest in a series of high profile organisations to have the personal data of customers accessed by someone outside.
Others that have been hit recently include Sony, Adult Friend Finder, security company Hacking Team, and the US Office of Personnel Management (OPM).
Sky’s Technology Correspondent Tom Cheshire said after the hacking of relationship site Ashley Madison that the growing number of cyber attacks could lead to a loss of confidence in the internet.