An ICO spokesperson said:
"It is always a company's responsibility to identify UK victims and take steps to reduce any harm to consumers. The Information Commissioner’s Office have been pressing the firm to establish the scale of any impact on UK citizens and have also been engaging with relevant US and UK agencies about the nature of the data breach.
"It can take some time to understand the true impact of incidents like this, and we continue to investigate. Members of the public should remain vigilant of any unsolicited emails, texts or calls, even if it appears to be from a company they are familiar with. We also advise that people review their financial statements regularly for any unfamiliar activity.
“If any financial details appear to have been compromised, victims should immediately notify their bank or card company. If anyone thinks they may have been a victim of a cyber crime they should contact Action Fraud.”