Retailer Dixons Carphone has gone public about a hack attack involving 5.9 million payment cards and 1.2 million personal data records.
Dixons Carphone said it had immediately notified the relevant card companies so that they could protect customers.
"While Dixons has said that there is no evidence of fraud taking place, now the data is in the criminal sphere, it's unlikely to be long before it starts being shopped around amongst criminals, with ensuing phishing and bruteforce attacks launched".
Video: Equifax teaches us what not to do after a data breach.
According to a statement made by the company, the security breach was discovered during a recent review of the company's systems and data.
However, it was quick to add that 5.8 million of these cards had chip and PIN protection, and that the data stolen did not include pin codes, card verification values (CVV) or authentication data - making it more hard for the hackers to monetize the breached data.
The UK Information Commissioner's Office said it was aware of the data breach.
They added: 'Separately, our investigation has also found that 1.2m records containing non-financial personal data, such as name, address or email address, have been accessed.
After Trump trade spat, UK's May warns against unilateral action
While there was "common ground" in some areas, she said she was "disappointed" by the United States stance on trade. It is up to the diplomats now to ameliorate the relationship between the two trading partners.
The compromised data didn't include PIN codes, CVV numbers, or any other personal or authenticating information that could lead to fraudulent use.
However around 105,000 of the accessed cards were non-EU issued, and lacked chip-and-PIN, and it says those cards have been compromised.
Baldock said the company had engaged cyber security experts to handle the matter and would be communicating directly with those customers affected.
"We are extremely disappointed and sorry for any upset this may cause". Baldock added that Dixons Carphone has also "added extra security measures" to its systems.
The National Cyber Security Centre has warned people to be mindful of potential fraud and follow-up campaigns.
Yesterday also saw Yahoo's United Kingdom arm fined £250,000 for a data breach in 2014 which affected more than 500 million users.
'We are contacting those whose non-financial personal data was accessed to inform them, to apologise, and to give them advice on any protective steps they should take.