U.K. retailer Next has admitted its Next Directory online and catalogue business has suffered fraud losses of several million pounds in the first half of the year.
And the news has prompted security firms to warn that businesses are risking reputation damage where they fail to guard against external and internal security threats.
Chief executive Simon Wolfson said Next had suffered "significant fraud' that could be as much as £6 million (AU$14.5 million) in six months.
He said there had until recently been "several loopholes in the way we allowed customers credit" that the clothes and home ware retailer had now taken steps to close.
According to unconfirmed reports identity fraud was a key problem experienced by the retailer, with fraudsters found to be taking control of other customers' accounts or setting up bogus accounts.
Next has tightened its credit controls in response to the problem.
But Greg Day, security analyst at McAfee, said Next's problems were "a graphic example of how a breach in information security can impact both a business and its customers."
He said the attacks should act as a warning to others that regulatory compliance now meant that companies were increasingly responsible for the direct and indirect costs of lost information, and any damage to reputation or loss of brand value that might arise.