Dixons Carphone has admitted that the 2017 data breach was actually worse than previously thought.
"Our investigation... has identified that approximately 10 million records containing personal data may have been accessed in 2017," says the Currys PC World and Carphone Warehouse owner.
Yep, we'd say that's significantly worse than the 5.8 million records it previously admitted were compromised.
"While there is now evidence that some of this data may have left our systems, these records do not contain payment card or bank account details," reads the statement.
The owner of Currys PC World has admitted that millions of bits of data have been compromised in a cyber attack on the company, which is now called Dixons Carphone.
In June the company admitted that more than 5.9 million card records used in Currys PC World and Dixons Travel stores were accessed.
Most of these - some 5.8 million - are UK or EU issued cards and have chip and pin protection. PINs have obviously not been disclosed as these are not kept with a card record.
Dixons Carphone said at the time that "The data accessed...contains neither pin codes, card verification values (CVV) nor any authentication data" so it would be difficult to make a purchase with this card info. So presumably card numbers and expiry dates are known to the perpetrators.
More worryingly, at least 105,000 cards from non-EU countries have also been compromised (presumably also used in Dixons Travel stores at airports mostly) although there is no update to this number in the latest statement. The problem is that these do not have chip and pin protection.
Also worrying is that the company's investigation found 1.2m records containing non-financial personal data, such as name, address or email address, have been accessed. The company makes no mention of what area of the organisation these records pertain to.
Chief executive Alex Baldock added: "Since our data security review uncovered last year’s breach, we’ve been working around the clock to put it right. That’s included closing off the unauthorised access, adding new security measures and launching an immediate investigation, which has allowed us to build a fuller understanding of the incident that we’re updating on today.
"As a precaution, we’re now also contacting all our customers to apologise and advise on the steps they can take to protect themselves."
Dixons Carphone is Europe's leading electrical and phone retailer, employing over 42,000 people in eight countries.
Carphone Warehouse was fined around £400,000 by the ICO (Information Commissioner's Office) for a breach in 2015. The breach occurred around a year after it merged with Dixons Retail to form Dixons Carphone.
Now check out: 5 ways to ensure your passwords are always safe