WHSmith customers are being flooded with emails containing personal details for the company’s other customers.
In what appears to a significant loss of personal data, the retailer is forwarding emails sent by customers that use the "contact us" form on the company’s site.
Disturbingly, the emails include people’s phone numbers, names and email addresses.
The retailer, said: "We have been alerted to a systems processing bug by I-subscribe, who manage our magazine subscriptions. It is a bug not a data breach."
"We believe that this has impacted fewer than 40 customers who left a message on the ‘contact us’ page where this bug was identified, that has resulted in some customers receiving emails that have been misdirected in error."
Although this may have impacted less than 40 customers, it is believed that their details may have been sent to thousands of people.
Kevin Cunningham, president, SailPoint, said: "As today’s organisations house more and more sensitive data, everyone from the executive level down needs to ensure there is a collaborative effort from internal staff to protect that sensitive information and ultimately, the health and longevity of the company.
"Based on the continual news reports of cyber attacks and data breaches, clearly this is the new norm that organisations have to counteract or they risk a significant impact to their bottom-line as well as customer loyalty.
"IT can only do so much to protect the internal infrastructure, but with the right tools in place to put some onus back on the employees they can help alleviate the burden. It falls to the employees and management to ensure that protecting sensitive information is of the utmost importance."