Builders' merchant Jewson may have been targeted by hackers trying to steal its customers account details.
The merchant has taken its Jewson Direct online store offline and has advised that up to 2,000 customers may have had their data stolen.
The customers afected are likely to have been those who used Jewson Direct between 23 August and 3 November.
A spokesperson for Jewson said: “We confirm that the Jewson Direct website (formerly the Jewson Tools website www.jewsondirect.co.uk) has been the target of a security breach. We have notified 1,659 customers whose data may have been compromised and are offering free credit monitoring to all of those affected to help detect any potential misuse of data in the future.
“Only the Jewson Direct website was affected by the security breach.
“Our main website www.jewson.co.uk , our credit account customers and transactions across our branch network are not affected by the security breach and are operating normally.
“We have commissioned a forensic investigation into the breach using a specialist firm and the Jewson Direct website will remain offline until the investigation is complete.
“We sincerely apologise for the distress and inconvenience this security breach has caused to those customers affected.”
The company sent a letter to customers warning them that a whole range of information may have been stolen during the breach. This might have included names, location, billing address, password, email, phone numbers and payment details.
At this stage, it is believed that a foreign piece of code was encrypted into the Jewson Direct website.
The company told customers that no card data is stored by Jewson, however, until the investigation has been completed, customers were informed of the potential breach of card data as an advisory measure.
A spokesperson for the UK's data watchdog, the ICO, said: "We are aware of an incident involving Jewson, and will be making enquiries."