The company said the leak, caused by a server misconfiguration, affected order details, customer and shipping information, but not credit card numbers or passwords.
Fraudsters could potentially use such customer order details to personalize their phishing or telephone scams.