Retailer Debenhams has said that up to 26,000 customers of its Flowers website have had their personal data compromised following a cyber-attack.
Payment details, names and addresses were potentially taken during the incident, which targeted Ecomnova, a third party e-commerce company.
Debenhams said it has contacted customers whose data was accessed.
Customers of Debenhams.com, a separate website, have not been affected, the company added.
The attack took place between 24 February and 11 April and the Debenhams Flowers website is currently offline.
"Our communication to affected customers includes detailing steps that we have taken and steps that those customers should take," Debenhams said in a statement.
A spokeswoman told the BBC that emails have been sent to just under 26,000 customers and that this will be followed up with a letter in the post.
"As soon as we were informed that there had been a cyber-attack, we suspended the Debenhams Flowers website and commenced a full investigation," said Debenhams chief executive Sergio Bucher in a statement.
"We are very sorry that customers have been affected by this incident and we are doing everything we can to provide advice to affected customers and reduce their risk."
The Information Commissioner's Office (ICO) has been informed of the incident.