Marks & Spencer was forced to suspend its website last night for two hours after it emerged that customers could see other people's details when they were logged in.
Customers were able to see order histories, personal addresses and a number of other details belonging to other account holders when they logged in to register their new Sparks loyalty cards. Credit card details were not among the information being exposed.
It is not yet known how many people's details were leaked.
The retailer, which has suffered a series of glitches since taking its website in-house, said it was a "technical issue" and had not been hacked.
"Due to a technical issue, we temporarily suspended our website yesterday evening," an M&S spokesman said.
"This allowed us to thoroughly investigate and resolve the issue and quickly restore service for our customers. We apologise to customers for any inconvenience caused."