A fault with Marks and Spencer's website allowed customers to see each other's details when they logged into their own accounts.
The British retailer suspended its site for two hours on Tuesday night to fix the problem.
It said the glitch was the result of an internal error, rather than of an external hack attack.
It added that its customers' full credit card details were not among the exposed information.
However, personal data, including names, dates of birth, contacts and previous orders were shown.
One user told the BBC he had seen another person's account details when he tried to register a store loyalty card.
"It accepted my registration but then told me i had 9,000 sparks points which i thought was a bit odd," said Mark Hill.
"So, I looked at the account details and despite saying 'hi Mark' , it was quite clearly an account belonging to a female in a different part of the country."
A call centre employee who handles complaints for the firm recounted another incident.
"One woman contacted me and informed me that 'a bloke from the other side of the country' had contacted her by telephone because he had seen all her details while using the M&S website, and felt she should know about it," he said.
"Many callers were anxious and very concerned - they understood the seriousness of the situation.
"It took nearly an hour before the website was shut down - something one tech guy told me should have been done as soon as the problem was recognised."
Marks and Spencer has apologised for the glitch.
"Due to a technical issue, we temporarily suspended our website yesterday evening," an M&S spokesman said.
"This allowed us to thoroughly investigate and resolve the issue and quickly restore service for our customers."
It is not yet clear how many people's details were seen by other M&S customers as a result of the fault.
- 27 October 2015
- 27 October 2015