Hackers may have stolen the personal details of as many as 2.4 million Carphone Warehouse customers.
The company also admitted that the credit card information of as many as 90,000 people may have been accessed when one of its divisions suffered the breach, although the data is said to be encrypted.
A statement released by the firm on Saturday said the evidence suggests the attack began sometime in the two weeks before it was detected last Wednesday, but a spokesman added that the "sophisticated" operation was detected by the company's systems and stopped "straight away".
Sebastian James, group chief executive of Dixons Carphone, said: "We take the security of customer data extremely seriously and we are very sorry that people have been affected by this attack on our systems. We are, of course, informing anyone that may have been affected and have put in place additional security measures."
The affected division of Carphone Warehouse operates the websites OneStopPhoneShop.com, e2save.com and Mobiles.co.uk and provides services to iD Mobile, TalkTalk Mobile, Talk Mobile and some Carphone Warehouse customers.
Since the incident, the company says it has put additional security measures in place, but an internal investigation found that as well as bank details, the names, addresses and dates of birth of customers could also have been accessed.
Carphone Warehouse said it was contacting all customers who may have been affected to inform them of the breach and to advise them on how to reduce the risk of further consequences.
A TalkTalk spokesman said its mobile sales site, mobile.talktalk.co.uk, was a victim of the attack.
"We took the site down immediately and are carrying out thorough security checks before they restore it," he said. "However, we understand that the personal data of our mobile customers may have been accessed during the attack.
"We are working with Carphone Warehouse to establish exactly what has happened and how many customers have been affected, but as a precaution we are contacting all affected customers today to let them know what has happened and what steps they should take as a result.
"We take the security of all customer data extremely seriously and whilst we work with Carphone Warehouse to investigate this incident and establish the extent of the attack, customers are advised to look out for any suspicious online or account activity."
Tony Neate, chief executive of Government-backed web security initiative Get Safe Online, advised affected customers to change their passwords to "something unpredictable and different for every account", as the stolen data could help hackers gain access.
He added: "Carphone Warehouse is said to be getting in touch with customers who need to notify their bank and credit card company, but don't be fooled by emails or phone calls pretending to be them.
"There will always be more cyber-criminals looking to exploit the situation and trick you into sharing information a legitimate company would never ask for."
A spokesman for the Information Commissioner's Office, which examines data breaches, said: "We have been made aware of an incident at Carphone Warehouse and are making inquiries."
Technology expert Tom Cheesewright told BBC Breakfast the delay in announcing the breach may have been down to the firm trying to assess the level of damage before going public.