A third party has obtained customer data from David Jones after the retailer suffered an online security breach.
In a notice to customers the retail chain said that a third party had exploited a vulnerability in its website to extract "limited information" about some of its customers.
"The information obtained was restricted to customer name, email address, order details and mailing address," the notice stated.
"No credit card information, financial information or passwords were obtained. David Jones does not store any credit card information or financial information on our website. There is no indication that the information has been misused in any way."
The retailer learned about the breach on 25 September. David Jones has contacted affected customers via email.
David Jones has reported the breach to the Office of the Australian Information Commissioner (OAIC) and the Australian Federal Police.
"The OAIC has since been in contact with David Jones about its immediate response to the incident, and is waiting to receive further information once their own investigation is further progressed," a statement from the privacy watchdog said.
The statement praised David Jones for notifying the OAIC and affected customers.
The vulnerability that allowed access to customer data has been closed, the retailer said.
"We are committed to making this right and are taking action to reduce the likelihood of this happening again," the retailer said.
"We are reviewing our systems, security measures and working with expert security consultants. Protecting our customers is of paramount importance to us."
The news that David Jones had been hacked comes on the heels of retailer Kmart Australia revealing it had suffered a security breach involving customer data.