JD Sports has warned that around 10 million people might have had their personal data stolen after it was hit by a cyber attack.
The sports retailer said the affected brands from the group are JD, Size?, Millets, Blacks, Scotts and Millet Sport.
However, even with the attack the JD group has said payment card details were "safe" and that it has no reason to think the hackers have accessed users' passwords.
But information that could have been stolen includes addresses, phone numbers and email addresses.
The group announced today that the hackers had accessed a system that contained customer data relating to some online orders placed between November 2018 and October 2020.
The JD group said the intruders could have also gained access to billing, details of orders that customers have placed, and the final four digits of their payment cards in the attack.
Neil Greenhalgh, the chief financial officer of JD group apologised for the incident and said that protecting the data for its customers was an "absolutely priority" for the group.
He said: "We want to apologise to those customers who may have been affected by this incident.
"We are advising them to be vigilant about potential scam emails, calls and texts and providing details on how to report these.
"We are continuing with a full review of our cyber security in partnership with external specialists following this incident."
The business said that it would proactively contact customers whose data might have been taken in the breach.
JD Sports said it was taking the "necessary immediate steps" to investigate and respond to the incident, including the UK's Information Commissioner's Office (ICO), as necessary.
In a statement, it said: "We are engaging with the relevant authorities and we are proactively contacting affected customers so that we can advise them to be vigilant to the risk of fraud and phishing attacks.
"This includes being on the lookout for any suspicious or unusual communications purporting to be from JD Sports or any of our group brands."
It is the latest in a series of recent high-profile cyber attacks on British companies.
Within the last two weeks, Royal Mail had to halt deliveries overseas due to a ransomware attack, however, it was able to resume international signed deliveries for business customers last Thursday.
A ransomware is malicious computer software that encrypts data and locks up systems and criminals usually demand a large payment to release the data.