Travel booking website AA Traveller says it has had its data breached.
AA Traveller said the website was in use between 2003 and 2018 and allowed customers to make travel bookings, enter competitions and take part in surveys.
In a statement on its website AA Traveller said it "recently discovered a vulnerability in the application where the AA Traveller information was stored and that an unauthorised party accessed information within the database used".
It said AA Traveller had worked to fix the vulnerability and have been working with cyber security advisors.
"The information on the data application has also been removed and safely secured. AA Traveller is no longer using the system that was compromised," AA Traveller said.
AA Traveller said any customers who had personally identifiable information exposed as a result of the breach should expect to be contacted by them by 13 May.
AA Traveller said it is working with the Office of the Privacy Commissioner.