Bookstore chain Dymocks has warned customers of a possible data breach that could lead to their personal information being leaked on the dark web.
In an email sent to members on Friday, the bookseller's managing director, Mark Newman, said a potential hack was detected two days earlier.
"On (Wednesday), Dymocks became aware that an unauthorised party may have access to some of our customer records," he told customers.
Mr Newman said an investigation to assess what had happened was launched as soon as the breach was detected.
"While our investigation is ongoing and at the early stages, our cybersecurity experts have found evidence of discussions regarding our customer records being available on the dark web," he said.
The company apologised and said it was unsure how many customers were impacted and promised to update those affected.
Customers were warned their email addresses, phone numbers, postal addresses, genders and dates of birth could form part of the breached data.
Membership details were also potentially leaked.
A spokeswoman for Dymocks told AAP on Friday afternoon while the extent of the breach has not yet been confirmed, initial indications are that passwords and financial information have not been compromised.
The company said it will notify the Office of the Australian Information Commissioner once it has completed its investigation.
The potential breach follows a series of high-profile hacks that have exposed the personal information of millions of Australians.
Earlier this year, more than 100,000 people joined a class action against Optus over a cyber attack in April, while health giant Medibank is also being sued over its data breach in May that impacted 9.7 million people.