Millions of Dixons Carphone customers have had their financial and personal data illegally accessed after a major breach at the United Kingdom company.
The major data breach involved shoppers at Currys PC World and Dixons Travel but bosses insist there is no sign of any related fraud.
It added that its investigation also found hackers had accessed non-financial personal data like names, addresses or email details for more than one million customer records.
The company said relevant card companies had been notified but that there was no evidence of fraud on the cards as a result of the incident.
Carphone Warehouse said it had no evidence that the information had left its systems or resulted in any fraud, but it was contacting those affected to advise them.
The group said that, while 5.8 million of the payment cards targeted were protected by chip and pin, around 105,000 non-EU cards without chip and pin protection were compromised.
Chief executive Alex Baldock admitted the group had "fallen short" of its responsibility to protect customer data.
"We have taken action to close off this access and have no evidence it is continuing", the company said.
"The fact this only came to light now thanks to a review of the company's systems and data and actually occurred in 2017 is also cause for some concern", he said.
He said: "Today's breach of Dixons data will have far reaching consequences for some time".
It said 5.8 million of these cards had chip and pin protection and the data accessed contained neither pin codes, card verification values nor any authentication data that would enable cardholder identification or purchases to be made.
The Information Commissioner's Office (ICO), the Financial Conduct Authority and law enforcement have all been informed about the attack. We promptly launched an investigation, engaged leading cyber security experts and added extra security measures to our systems.
Dixons says it doesn't believe that the attackers have anything like the amount of data required to use the cards fraudulently.
"The NCSC website offers advice to organisations about ensuring their online security is as robust as possible, including guidance on protecting bulk personal data from cyber attack", they added.