Online retailer Play.com informed customers of a data breach of customer information after some of the firm's customers reported spam arriving to email addresses only used for the retailer.
The company was aware of of 'irregular activity' at the firm's email marketing provider Silverpop but apparently believed that customer emails had not been downloaded.
"We would like to assure all our customers that the only information communicated to our email service provider was email addresses," the company said in a statement.
"Play.com has taken all the necessary steps with Silverpop to ensure a security breach of this nature does not happen again."
The retailer moved to reassure customers that other personal information such as credit cards, addresses and passwords were held securely in systems "audited and tested several times a year by leading internet security companies."