Information such as credit card details and birth certificates uploaded during tenancy applications may have been published on the website of a Perth property management business for up to 21 months, a warning to clients has revealed.

On Monday Perth-based Primus Realty emailed 750 of its clients warning that tenancy application information collected via its website from March 2018 to December 12, 2019 may have been made public.

The tenancy information may have been online for up to 21 months.

The information could include sensitive identifying information such as names, birthdays, addresses, telephone numbers, driver licences, passports, birth certificates and even Medicare numbers.

Worryingly, financial documents may have also made it online including credit card details, bank statements, proof of income and bills.