Retailer Dixons Carphone has gone public about a hack attack involving 5.9 million payment cards and 1.2 million personal data records.
Dixons Carphone said it had immediately notified the relevant card companies so that they could protect customers.
"While Dixons has said that there is no evidence of fraud taking place, now the data is in the criminal sphere, it's unlikely to be long before it starts being shopped around amongst criminals, with ensuing phishing and bruteforce attacks launched".
Video: Equifax teaches us what not to do after a data breach.
According to a statement made by the company, the security breach was discovered during a recent review of the company's systems and data.
However, it was quick to add that 5.8 million of these cards had chip and PIN protection, and that the data stolen did not include pin codes, card verification values (CVV) or authentication data - making it more hard for the hackers to monetize the breached data.
The UK Information Commissioner's Office said it was aware of the data breach.
They added: 'Separately, our investigation has also found that 1.2m records containing non-financial personal data, such as name, address or email address, have been accessed.
USA, Canada and Mexico to host 2026 FIFA World Cup
Hosting rights for previous World Cups had been awarded by what was then a 24-person FIFA Executive Committee. As it stands now, 60 games will be played in the United States , with Mexico and Canada hosting 10 each.
The compromised data didn't include PIN codes, CVV numbers, or any other personal or authenticating information that could lead to fraudulent use.
However around 105,000 of the accessed cards were non-EU issued, and lacked chip-and-PIN, and it says those cards have been compromised.
Baldock said the company had engaged cyber security experts to handle the matter and would be communicating directly with those customers affected.
"We are extremely disappointed and sorry for any upset this may cause". Baldock added that Dixons Carphone has also "added extra security measures" to its systems.
The National Cyber Security Centre has warned people to be mindful of potential fraud and follow-up campaigns.
Yesterday also saw Yahoo's United Kingdom arm fined £250,000 for a data breach in 2014 which affected more than 500 million users.
'We are contacting those whose non-financial personal data was accessed to inform them, to apologise, and to give them advice on any protective steps they should take.