The data did not contain pin codes, card verification values (CVV) or any authentication data according to Dixons Carphone.
The successful hack saw "an attempt to compromise" 5.8 million credit and debit cards, but only 105,000 cards that lacked chip-and-pin protection were leaked, the company said.
It admitted non-financial personal data, such as name, address or email address, was accessed but it again insisted that it had seen no evidence of any fraud at this stage.
Carphone Warehouse said it had no evidence that the information had left its systems or resulted in any fraud, but it was contacting those affected to advise them.
Shares in Dixons Carphone fell more than five per cent this morning after it announced the launch of an investigation finding there had been "unauthorised access to certain data" held by the company.
Dixons Carphone chief exec Alex Baldock apologised to customers for the inconvenience, adding (as is standard in post-breach statements) that the company takes security seriously.
"We've taken action to close off this unauthorised access and though we have now no evidence of fraud as a result of these incidents, we are taking this extremely seriously", he added.
"We have taken action to close off this access and have no evidence it is continuing".
The company says it has informed the ICO and the police of the attack.
We are determined to put this right and are taking steps to do so; we promptly launched an investigation, engaged leading cyber security experts, added extra security measures to our systems and will be communicating directly with those affected. While most of those were protected by chip and pin.
"The protection of our data has to be at the heart of our business, and we've fallen short here".
"We've taken action to close off this unauthorised access and though we have now no evidence of fraud as a result of these incidents, we are taking this extremely seriously".
It comes after telecoms firm TalkTalk was hit by a major cyber attack in October 2015, which saw the personal data of almost 160,000 people accessed by hackers and left the firm facing a record £400,000 fine for security failings.