The Yahoo data breach includes eight million user accounts in the UK, the Information Commissioner's Office (ICO) has said.
ICO data regulator Steve Eckersley told the BBC that discussions with the internet firm revealed that "over eight million UK people had been affected" by the cyber attack, which compromised around 500 million Yahoo accounts globally.
Mr Eckersley called the figures "quite concerning".
Earlier, Information Commissioner Elizabeth Denham said "serious questions" must be asked of Yahoo following the hack.
"The vast number of people affected by this cyber attack is staggering and demonstrates just how severe the consequences of a security hack can be," she said.
"People's personal information must be securely protected under lock and key - and that key must be impossible for hackers to find."
Yahoo confirmed that while most user passwords were encrypted and not visible to hackers, many security questions and answers linked to accounts were. This has led to criticism from analysts over Yahoo's security set-up and failure to report the breach.
Alex Mathews, from online security firm Positive Technologies, said: "The elephant in the room is Yahoo's admission that 'encrypted or unencrypted security questions and answers' might be amongst the hackers' haul.
"If the investigation determines that this extremely sensitive information were stored unencrypted, then serious questions need to be answered as this lack of security will highlight serious failings by Yahoo in its responsibility to protect customers."
Yahoo has urged all users to change their passwords and security questions in wake of the breach.
MORE ABOUT