Company confirms 2017 data leak hit 10m people – a contrast to the previously reported 1.2m victims

Dixons Carphone has revealed that a 2017 data breach affected nine million more customers than previously thought.

The huge information leak exposed the details of 10 million people, the company admitted, in a hack which was only discovered in June.

It was previously thought that 1.2 million people were affected.

Personal details including names, addresses, and email addresses were reportedly stolen in the cyber incident.

Dixons, a UK-based company which also owns Currys PC World and other retail brands across Europe, said no bank details were taken – though hackers did gain access to records of 5.9 million payment cards.

Most of these cards were chip and PIN protected, and the data accessed did not include PIN codes, card verification values (CVV), or “any other authentication data enabling cardholder identification”.

A statement from the company read: “While there is now evidence that some of this data may have left our systems, these records do not contain payment card or bank account details and there is no evidence that any fraud has resulted.

“We are continuing to keep the relevant authorities updated

“As a precaution, we are choosing to communicate to all of our customers to apologize and advise them of protective steps to minimize the risk of fraud.

“As we indicated previously, we have taken action to close off this access and have no evidence it is continuing.”

The company also said it was “adding new security measures”, but didn’t give any details on what these measures might be.

Dixons Carphone’s primary brands include Currys PC World, Carphone Warehouse and Dixons Travel in the UK and Ireland, along with Elkjøp, Elgiganten, and Gigantti in the Nordic countries, and Kotsovolos in Greece.