B&Q stands accused of exposing details of suspected store thieves to the net without password protection.
The matter was flagged up in a blog post by Lee Johnstone of Ctrlbox Information Security.
"We have closed the issue down and are continuing to investigate how it occurred," said a B&Q spokeswoman. She added that there were a number of other inaccuracies in the blog post, but did not reveal what they were.
"Our continuing investigation will help us decide whether an ICO [Information Commissioner's Office] notification is required," she concluded.