Clothing retailer Cotton Traders has confirmed that customers' credit card details were stolen from its website in January this year.

The retailer, founded by ex-England rugby players Fran Cotton and Steve Smith, claimed that the credit card details were encrypted.

Cotton Traders notified the issuers when the security breach occurred, and said that "most" of the affected cards were cancelled and reissued immediately.

"We can confirm that our customer credit card data is encrypted on our website, but if any of our customers have been a victim of fraud they should contact their card issuer," said the company in a prepared statement.

Around 38,000 credit cards were compromised, according to some reports, although Cotton Traders has dismissed the number as wildly inaccurate.

The retailer said that it has since raised the levels of security on its site.
Security experts suggest that such cyber-crimes are an inevitable part of an increasingly online economy.

"As people move their businesses to the web, so crime will follow," said Charlie Abrahams, European vice president at MarkMonitor.

The fact that the news of the data theft has not emerged until now is a facet of UK data protection laws.

In California, for example, companies that lose personal details of customers or employees are required by law to notify the victims within a short time. News of the loss is therefore made public immediately.

Although not a legal requirement in all states, most US companies adopt the more stringent Californian regulations.

No such requirement exists in the UK, but there are increasing calls to implement tougher legislation.