Pawnbroking and secondhand goods outlet Cash Converters has suffered a data breach.
Customers were notified of the leak on Thursday by email, samples of which have been posted on social media.
Cash Converters said it had discovered that a third party gained unauthorised access to customer data within the company's UK webshop.
Credit card data was not stored. However, hackers may have accessed user records including personal details, passwords, and purchase history from a website that was run by a third party and decommissioned back in September. The current webshop site is not affected, the firm said.
Cash Converters said it has reported the incident to authorities in the UK and Australia alongside launching an urgent investigation itself and taking steps to safeguard its site.
A Cash Converters mouthpiece told The Register: "We are currently working with the relevant authorities in Australia and the UK to investigate this matter. We will continue to provide as much detail as possible when it becomes available."
A spokesman for the ICO confirmed it was looking into the reported breach. "We're aware of an incident at Cash Converters UK and will be making enquiries," he said. ®
Sponsored: Webcast: Simplify data protection on AWS