A fault with Marks and Spencer’s website allowed customers to see each other’s details when they logged into their own accounts.
The British retailer suspended its site for two hours on Tuesday night to fix the problem.
It said the glitch was the result of an internal error, rather than of an external hack attack.
It added that its customers’ full credit card details were not among the exposed information.
However, personal data, including names, dates of birth, contacts and previous orders were shown.
One user told the BBC he had seen another person’s account details when he tried to register a store loyalty card.