Personal details of up to 2.4m customers at smartphone retailer Carphone Warehouse may have been accessed during a sophisticated cyber-attack, with encrypted credit card details for up to 90,000 also accessed.

The company became aware of the breach on 5 August but did not alert customers until three days later while it carried out an investigation with a cyber security firm to determine what data was affected and put new protections into place.

The breach targeted one of the companys divisions which operates the websites OneStopPhoneShop.com, e2save.com and Mobiles.co.uk, as well as providing services to iD Mobile, TalkTalk Mobile, Talk Mobile and a small number of Carphone Warehouse customers.

According to the company, the “vast majority” of Carphone Warehouse customer data was not affected, nor was customer information for Currys or PC World, which are owned by the same company, Dixons Carphone.

“We take the security of customer data extremely seriously, and we are very sorry that people have been affected by this attack on our systems,” said Sebastian James, group chief executive at Dixons Carphone. “We are, of course, informing anyone that may have been affected, and have put in place additional security measures.”

Preventing cyber-attacks and repairing the damage done by them costs UK businesses £34bn a year, according to the Centre for Economics and Business Research, with 15 per cent of businesses having lost revenue due to cybersecurity breaches. Shares in Dixons Carphone opened almost two per cent lower following the news breaking.