Clothing retailer Cotton Traders has confirmed that customers' credit card details were stolen from its website in January this year.
The retailer, founded by ex-England rugby players Fran Cotton and Steve Smith, claimed that the credit card details were encrypted.
Cotton Traders notified the issuers when the security breach occurred, and said that "most" of the affected cards were cancelled and reissued immediately.
"We can confirm that our customer credit card data is encrypted on our website, but if any of our customers have been a victim of fraud they should contact their card issuer," said the company in a prepared statement.
Around 38,000 credit cards were compromised, according to some reports, although Cotton Traders has dismissed the number as wildly inaccurate.
The retailer said that it has since raised the levels of security on its
Security experts suggest that such cyber-crimes are an inevitable part of an increasingly online economy.
"As people move their businesses to the web, so crime will follow," said Charlie Abrahams, European vice president at MarkMonitor.
The fact that the news of the data theft has not emerged until now is a facet of UK data protection laws.
In California, for example, companies that lose personal details of customers or employees are required by law to notify the victims within a short time. News of the loss is therefore made public immediately.
Although not a legal requirement in all states, most US companies adopt the more stringent Californian regulations.
No such requirement exists in the UK, but there are increasing calls to implement tougher legislation.
Geoengineering on the sea floor near glaciers would form a new ice shelf to prevent melting
Alterations in capillary blood flow can be caused by body position change
Curiosity rover is in 'normal mode' but not transmitting scientific data back to base
NatWest outage comes a day after Barclays' IT systems shut out customers and staff