ELECTRONICS FLOGGER Dixons Carphone said last year's mega-breach affected 10 million customers, up from its original estimate of, er, 1.2 million.
In a statement on Tuesday, the firm admitted that the pre-GDPR breach was almost 10 times larger than previously announced in June, when it revealed that personal information of 1.2 million customers had been accessed.
"While there is now evidence that some of this data may have left our systems, these records do not contain payment card or bank account details and there is no evidence that any fraud has resulted," Dixons Carphone said. "We are continuing to keep the relevant authorities updated."
The retailer failed to provide an update into a separate investigation into an attempt to compromise 5.9 million credit cards in one of its processing systems for Currys PC World and Dixons Travel stores.
The firm previously said that while the payment cards targeted were protected by chip and pin, around 105,000 non-EU cards without chip and pin protection may have been compromised. Dixons Carphone says it has contacted the relevant banks.
Dixons Carphone chief executive Alex Baldock said on Tuesday: "Since our data security review uncovered last year's breach, we've been working around the clock to put it right.
"That's included closing off the unauthorised access, adding new security measures and launching an immediate investigation, which has allowed us to build a fuller understanding of the incident that we're updating on today.
"As a precaution, we're now also contacting all our customers to apologise and advise on the steps they can take to protect themselves.
"Again, we're disappointed in having fallen short here, and very sorry for any distress we've caused our customers. I want to assure them that we remain fully committed to making their personal data safe with us."
Dixons Carphone was attacked similarly less than three years ago, when 2.4 million people had their info scuppered, mostly through sub-brands like Mobiles.co.uk and MVNO phone companies like iD Mobile.
The ICO this year slapped the firm with a £400,000 fine for failing to adequately secure its systems, enabling intruders to easily access the data. µ
Buy shares in VPNs now
Yes, even the one your wrote while you were steaming drunk
Tens of people inconvenienced