Newsagent WHSmith has compromised users’ private data sending it in hundreds of emails to customers due to a misconfigured “contact us” form on the retailer’s magazine website.

Information typed into the form, which is supposed to then be passed on to the company itself, was instead apparently sent to its entire mailing list.

In a vicious cycle, some subscribers used the affected form in an attempt to contact WHSmith to end the email bombardment – instead generating still-more messages to fill users’ inboxes.

WHSmith Magazines confirmed that the breach is a technical issue and hid the contact-us form from its website.

In a statement, the company told the Guardian: “We have been alerted to a systems processing bug by I-subscribe, who manage our magazine subscriptions. It is a bug not a data breach.” A WHSmith spokesman added that 22 customers’ personal information was exposed due to the bug.

It continued: “I-subscribe have immediately taken down their ‘Contact Us’ online form which contains the identified bug, while this is resolved. I-subscribe are contacting the customers concerned to apologise for this administrative processing error. We can confirm that this issue has not impacted or compromised any customer passwords or payment details and we apologise to the customers concerned.”

Some of the messages sent in the early period of the flaw contain sensitive personal information including real names, phone numbers, and email and postal addresses.

Anyone else getting dozens of emails via @WHSmith contact form ? Including phone numbers pic.twitter.com/960EZYNSSE — Lynn Schreiber (@LynnCSchreiber) September 2, 2015

@WHSmith super, you've sent me over 100 people's personal details, awesome, so who's got mine?!?! 👌 — Jamie Skuse (@jskuse89) September 2, 2015

Unfortunate that every time someone emails @WHSmith about magazine subscriptions it's going to *everyone* on the database. Details too. — Jono Read (@jonoread) September 2, 2015

First live pictures as @WHSmith social media managers wander into work https://t.co/zuBvISd64Y pic.twitter.com/kQviwJVhVC — Charlie Lindlar (@charlielindlar) September 2, 2015

It isn’t the first time the retailer has resorted to drastic measures to correct an IT problem. In 2013, it closed down its entire website for more than a week after it was discovered selling hardcore pornographic ebooks, some featuring rapes and bestiality.