Insurance firm Staysure has written to more than 90,000 customers to warn they could have been victims of fraud after a cyber attack.
People who took out policies prior to May 2012 may have had data, including the three-digit card verification value (CVV) number on their payment cards, stolen.
The Information Commissioner's Office and police have been informed, Staysure chief executive officer Ryan Howsam said in a statement today.
Some 93,389 policy holders have received letters from Staysure informing them of the issue and asking them to check their bank statements, following the IT breach at the end of October.
Mr Howsam said: "In that attack, encrypted payment card details of customers who purchased insurance from us before May 2012 were stolen, along with CVV details and customer names and addresses. From May 2012 we ceased to store this data.
" We became aware of the problem on November 14, and quickly informed the relevant card issuing bodies and subsequently The Financial Conduct Authority, the Information Commissioner's Office and the police.
"We immediately hired independent forensic data experts to fully ascertain the extent of the problem and have written to 93,389 affected customers, which represents fewer than 7% of our customer base, to warn them and to ask them to check that they have not been the victims of any fraud as a result."
Any affected customers are being given free access to an identity monitoring service.
Mr Howsam said the software that was attacked and has now been replaced, adding: "We are deeply sorry that this has happened and are working diligently to make sure that inconvenience to customers is minimised."
Payment card companies were also contacted by Staysure after the breach was detected.