Dixons Carphone has said a huge data breach that took place last year involved 10 million customers, up from its original estimate of 1.2 million.
The Carphone Warehouse and Currys PC World owner has been investigating the hack since it was discovered in June.
It said personal information, names, addresses and email addresses may have been accessed last year.
However, no bank details were taken and it had found no evidence that fraud had resulted from the breach.
The hackers also got access to records of 5.9 million payments cards, but nearly all of those were protected by the chip and pin system.
Dixons said it was “very sorry for any distress” caused and it would be apologising to customers, although it did not say how or over what timescale it would be contacting them.
Dixons said it had been working with leading cyber security experts and had put in further security measures to safeguard customer information.
The National Crime Agency began investigating the breach last month when it was first revealed. It is working with the National Cyber Security Centre, the Financial Conduct Authority and the UK’s data protection regulator, the Information Commissioner’s Office.
Dixons Carphone chief executive Alex Baldock, said: “Since our data security review uncovered last year’s breach, we’ve been working around the clock to put it right.
“That’s included closing off the unauthorised access, adding new security measures and launching an immediate investigation, which has allowed us to build a fuller understanding of the incident that we’re updating on today.
“As a precaution, we’re now also contacting all our customers to apologise and advise on the steps they can take to protect themselves.”