Hackers have obtained the credit card details of almost 19,000 online shoppers from telecoms giant AT&T.
AT&T has emerged as the leading US telecoms provider
The US company said it had notified shoppers at its online store of the security breach, which affected people buying high-speed DSL internet items.
Security was breached at the weekend, the company said, and online stores were quickly shut down in response.
AT&T said it would reimburse customers for any fraudulent transactions and pay for any necessary credit services.
There were no indications that fraudulent transactions had been carried out before the stolen information came to light, AT&T said.
"We recognise that there is an active market for illegally obtained personal information," said Priscilla Hill-Ardoin, the company's chief privacy officer.
"We are committed to both protecting our customers' privacy and to weeding out and punishing the violators."
The company said that only customers who shopped at its online store selling DSL internet equipment were affected by the breach, but other branches of its online store were closed as a precaution.
It notified affected customers of the theft of their information by e-mail, by telephone and by post.
AT&T is the largest telecoms provider in the US, and a key supplier of broadband DSL equipment and internet connections to the US domestic and business markets.
US analyst Todd Stefan, of Setec Investigations, told the Associated Press that incidents of high-profile security fraud were on the rise.
A "very large underground international community" trades in stolen personal information, especially credit card details, Mr Stefan said.