Bunnings Warehouse shoppers who have used the contactless pick-up service may have had some of their personal information stolen.
The company has emailed customers to say they have recently been made aware of a data security breach experienced by its third-party booking provider Flexbooker.
This may have included customers' names and email addresses, which were provided when they selected a timeslot for a drive and collect order.
LIVE UPDATES: Territory announced $5000 fine failing to report COVID-19 infection
The company assured shoppers that passwords, credit card information and mobile phone numbers "are not collected when using Flexbooker to make a booking with us".
"We are confident that none of these categories of customer data have been compromised," the group's chief information officer Leah Balter said.
The company is working with Flexbooker to understand how the breach occurred and determine the extent of its impact.
READ MORE: The $1b tower slowly sinking into the ground
"We're reaching out directly to any customers whose name or email address may have been accessed," the email to customers said.
"We have also notified the Office of the Australian Information Commissioner (OAIC)."
Bunnings encouraged its customers to be cautious of any unusual activity in their email accounts and to regularly change passwords "as a precaution".
"Bunnings takes the security of our customers' and team members' personal information very seriously, and will carry out a thorough investigation into this incident," Ms Balter said.
