The UK's data watchdog is "making inquiries" after Carphone Warehouse said the personal details of up to 2.4 million of its customers may have been accessed in a cyber-attack.
The attack was discovered on Wednesday and made public on Saturday.
The encrypted credit card details of up to 90,000 people may have been accessed, the mobile phone firm said.
The Information Commissioner's Office, which examines data breaches, confirmed it was aware of the incident.
Carphone Warehouse says the data could include names, addresses, dates of birth and bank details and it is contacting all those affected.
Carphone Warehouse said the "sophisticated" cyber-attack, which happened in the past two weeks, was stopped "straight away" after it was discovered on Wednesday afternoon.
A spokesman for the Information Commissioner's Office said: "We have been made aware of an incident at Carphone Warehouse and are making inquiries."
The Metropolitan Police said its Cyber Crime Unit had been notified of the breach by Carphone Warehouse but no formal allegation of a crime had been made.
The Met said it had not had any reports of fraudulent banking activity.
The grim reality is that breaches continue to succeed despite the range and sophistication of cyber security products in use. But while breaches continue to succeed it is necessary to put in place contingency measures - in other words, when you can’t Stop the Breach, make sure you at least Spot the Breach.
Learn about PCI DSS Compliance
You can read the full article on BBC News here