Last month Dixons Carphone warned on profits and said it would have to close shops, wiping more than £500 million pounds off its market value and now this.
Fortunately, the company took action to shut down access and found no evidence it is continuing.
"We have no evidence to date of any fraudulent use of the data as result of these incidents”, the company said.
It said its ongoing investigation indicated there was an attempt to compromise 5.9 million cards in one of the processing systems of Currys PC World and Dixons Travel stores.
It said 5.8 million of these cards had chip and pin protection and the data accessed contained neither pin codes, card verification values (CVV) nor any authentication data that would enable cardholder identification or a purchase to be made. However, 105,000 non-EU issued payment cards which do not have chip and pin protection had been compromised.
Dixons Carphone said it had immediately notified the relevant card companies so that they could protect customers.
The group said it had also found that 1.2 million records containing non-financial personal data, such as names, addresses or email addresses, had been accessed. It said there was no evidence of fraud here either.
Chief Executive Alex Baldock said he was extremely disappointed and sorry for any upset this may cause.
“The protection of our data has to be at the heart of our business, and we’ve fallen short here”, he said.
The group said it had informed the Information Commissioner’s Office (ICO), the Financial Conduct Authority (FCA) and the police about the incident.