Dixons Carphone admitted that a 2017 cyberattack may have affected 10 million records containing personal data, far more than its original estimate.
The UK electronics retailer's investigation into the security breach revealed that some of the data may have been taken from its systems, but doesn't think it contains payment card or bank account details, it said in a Tuesday press release.
In June, the company reported that the breach impactedin one of the processing systems of Currys PC World and Dixons Travel stores.
It noted that there is no evidence of any fraud as a result of the attack, but it's keeping authorities updated and is contacting customers to suggest precautionary measures.
"Since our data security review uncovered last year's breach, we've been working around the clock to put it right. That's included closing off the unauthorised access, adding new security measures and launching an immediate investigation, which has allowed us to build a fuller understanding of the incident that we're updating on today," Dixons Carphone CEO Alex Baldock said in a statement.
"I want to assure them that we remain fully committed to making their personal data safe with us."
Dixons Carphone didn't immediately respond to a request for further comment.