High street retailer Lakeland has told customers to change all their passwords after revealing that two of their databases were hacked on 19 July.
Although the kitchenware company said there is only a "small possibility that encrypted data" had been accessed, it is asking consumers to change their passwords on the site, as well as on any other sites they use the same password for.
A spokesperson also said that there was no evidence that credit or debit card data has been stolen despite the "sophisticated and sustained attack".
"We are always open and honest with our customers and though we do not know for sure that data has been stolen, we are being proactive and advising that as a precaution customers change their passwords," Lakeland said in a statement.
"We would like to sincerely apologise to our customers for this incident. We have stringent security procedures in place to protect our customer data and the security and privacy of our customers remains the highest priority to us."
The company only admitted to the attack when it realised the encrypted databases had been hacked.
Tony Preedy, Lakeland's marketing director, added, "Our experts analysing the situation have not been able to confirm whether any data has been taken but we decided it was appropriate to tell customers there was a risk. We had not left the doors unlocked, so to speak, but nevertheless they were able to penetrate."
The company believe the hackers exploited a "recently identified flaw" in the Java software used by the website's servers.