Apacs has called the recent hacking attack on the Cotton Traders website a “serious” breach, saying the hackers could use the stolen card details for fraud.

The clothing company, set up by the former England rugby captains Fran Cotton and Steve Smith, said it had identified a security issue in January.

The payment industry trade body Apacs said the attack was serious because hackers accessed details that could be used for "card not present" (CNP) fraud. This means that stolen card numbers could be used to buy things over the internet or via the telephone.

A representative for Apacs said: “Plastic card fraud has gone on. There is a specialist police team investigating this.”

We put Apacs claim to Cotton Traders, but we didn't get a reply at the time of going to press. The company, which has more than two million customers on its database told us in an earlier statement, that the BBC’s claim that 38,000 cards were involved was " wildly inaccurate."

It said: “We immediately brought in industry security experts to resolve the problem," and its customer credit card data was now encrypted on its website.

"All card-holders should have been contacted by their bank and issued with new cards following the attack," it added.

It advised those worried about their bank details to contact their card issuer.

The case follows last year’s hacking attack of another clothing retailer, TK Maxx, which lost over 45 million customer records. Last year, hotel chain Travelodge also suffered a problem that led to names, addresses and parts of credit card numbers being accessible to other customers.

MarkMonitor said that hackers were moving towards retail sites as banks, which were traditionally targeted, had “hardened their websites and security features.”

Charlie Abrahams, vice president and general manager at the company said: “Phishing attacks and cybersquatting crimes against retailers are a more recent trend so there is a lot more education and enhanced security needed in this industry sector.”

He advised those worried about fraud to check their statements and alert their bank if they found anything wrong.