Customer and retailer information relating to the AA Shop, where customers can buy items like maps, car accessories, car kits and travel guides, was compromised in April.
The company said today that the affected data relating to customer orders “was not sensitive” and payment details have not been compromised. An independent investigation has been ordered.
A technology expert told the Yorkshire Post he understood more than 100,000 email addresses had been affected.
“I have knowledge that the data actually contained 117,000 email addresses,” the source said.
A separate article published by technology website Motherboard also said 117,000 email addresses had been affected.
The AA said it would be not be commenting further on the numbers affected and the type of data involved as an investigation is still ongoing.
“The entire issue is being investigated independently and therefore it is not appropriate to divulge more detail at this stage,” a spokesman said.
An AA spokesman said: “We can confirm that the AA was informed of a potential vulnerability involving some AA Shop data on April 22, 2017.
“The AA Shop is run via a third party website supplier who was notified. They identified the vulnerability and the issue was resolved on April 25.
“The data related to AA Shop orders for items such as maps (some retailers and some personal customers). For a short period a misconfiguration in the server allowed access to two backup data files so a number of steps were taken to ensure the ongoing security of the AA Shop.
“An investigation was undertaken, samples of the data were analysed and as the data was not sensitive, and our third party supplier informed us that the data was only accessed several times, the case was closed.
“Legal letters warning against a dissemination breach under the ‘Computer Misuse Act’ will be issued. The ICO has been informed and we have commissioned a full independent investigation into the issue.
“We take any data issues incredibly seriously and would like to reassure our AA Shop customers that their payment details have not been compromised.”