Reports are emerging of IT problems at UK high street chain WHSmith which have exposed personal information from subscribers to other customers.

The stationer and bookstore admitted to The Independent that there had been a “bug” in the system supporting its magazine subscription service, leading to customers “receiving emails this morning that have been misdirected in error.”

The firm claimed the Contact Us form, which was at the source of the problem, has now been taken down.

A statement had the following:

"I-subscribe (who manage WHSmith's magazine subscriptions) are contacting the customers concerned to apologize for this administrative processing error. We can confirm that this issue has not impacted or compromised any customer passwords or payment details.”

Angry customers have flooded the WHSmith Facebook page to complain, with phone numbers, email addresses and names of subscribers apparently sent to other subscribers in error thanks to the IT glitch.

One, Jenny Gallagher, complained: “I've had about 16 emails from your customers emailing your company. What is going on??? It’s very irritating and I want to know why these emails (with confidential information) are coming to my inbox.”

Another, Steph Armitt, said: “65 emails starting at 00.12 this morning with different customers names, phone numbers and email addresses????? Very irritating......”

Kevin Cunningham, founder of identity access management firm SailPoint, argued that every stakeholder from the board down needs to work together to protect sensitive information and prevent cases like this.

“IT can only do so much to protect the internal infrastructure, but with the right tools in place to put some onus back on the employees they can help alleviate the burden,” he added.

“It falls to the employees and management to ensure that protecting sensitive information is of the utmost importance.”

WHSmith was at pains to point out that the issue in this instance was not a data breach caused by external hackers but an IT bug. However, it does appear to have led to a significant privacy breach.