Retailer Big W's website remains in browsing-only mode after a glitch meant shoppers were shown the personal information of other customers.
In a notice to customers, Big W said the "technical issue" occured on Thursday November 10 between 1.50pm and 3pm.
It meant "the first stage of the checkout process [was] pre-populated with the personal information of another customer".
The data leak included a customer's name, phone and address.
Big W took down the website at 3pm on Thursday, and it has remained in browse-only mode since.
The retailer said it expected the site to return to normal functionality over the coming few days due to a staged restoration.
It said no passwords, login details, bank accounts or credit card information was leaked, meaning there is no need for customers to contact their banks or change site account details or passwords.
Big W did not reveal how many customers were affected by the privacy breach, saying that only a "small number of customers" were involved.
It said it had reported the incident to the Privacy Commissioner.