Of course, all 5.9 million card numbers could potentially be used for online purchases where the chip and pin system doesn't protect against fraudulent use -- though it would be difficult without a CVV or billing address.

In the course of the company's investigation, it also found that 1.2 million records containing non-financial personal data, such as names and addresses, had also been accessed, although it's not clear what part of the company this information relates to.

In a statement, the company said that it has "no evidence to date of any fraudulent use of the data as a result of these incidents," and that the attack has been stopped thanks to additional security measures. However, Dixons Carphone CEO Alex Baldock admitted that the company had "fallen short" with the protection of its data. For the UK's biggest tech retailer outside of Amazon, that's a worrying acknowledgement.

Update, 2PM ET: This article has been updated with more details on exactly what data the hackers accessed and how it could potentially be used.