In an email message received by customers on 21 March, Play admitted that names and email addresses could have been compromised by a security breach at an unnamed agency.
It went on to assure customers that the breach occurred outside of Play.com at a third party agency and other personal information such as credit card details remain secure.
Play says in the email that it takes privacy and security very seriously to ensure all sensitive customer data is protected.
The retailer adds: “Please be assured we have taken every step to ensure this doesn’t happen again and accept our apologies.”
The online retailer goes on to advise customers to be “vigilant” when using the internet but does not give any details of the breach.