Wez Bryett, co-chief executive of the company, said on Friday that external IT and cyber security consultants had been hired to investigate the breach. Customers who made purchases between 1 November 2018 and 29 April 2019 had been notified of a possible leak of data.
"These experts have confirmed that our website is now secure, including any personal or payment information provided when shopping with Princess Polly," he said.
"We have been working closely with leading external IT and cyber security consultants to confirm which customers may have been impacted and identify precisely which information is involved in the incident.
The personal data that could have leaked included:
- billing and shipping name, address, email and phone number;
- credit/debit card details provided to complete the purchase;
- date of birth;
- any gift voucher details used to complete the purchase; and
- username and password.
Bryett advised users to change the password for their Princess Polly accounts, change all passwords that may have been identical or similar to the password used to access the account (such as email, social media, online banking etc) and to keep a look out for email, telephone and text-based scams.