Department store chain David Jones has been informing customers of a large-scale data breach which saw hackers gain access to customer names, email and mailing addresses, and order details.

In a statement on David Jones’ website, the retailer stressed that no credit card details, financial information or passwords were accessed.

“On 25 September 2015, David Jones learned that a third party exploited a vulnerability in our website to extract limited information about some of our customers. David Jones does not store any credit card information or financial information on our website. There is no indication that the information has been misused in any way.”

The website unnamed hackers exploited a vulnerability in its IBM WebSphere-based website, a similar attack happened to Kmart Australia who use the same WebSphere technology.

David Jones said: “The vulnerability which was used to access the data has been shut down.  We are now working with cyber security experts and the Australian Federal Police to fully investigate this matter.”