The theft of thousands of personal details from people applying for fuel cards highlights the everyday risks of giving out information over the web, experts say.

Hackers stole personal information from nearly 6000 new Shell customers in Australia and New Zealand, the oil company said yesterday.

But internet crime experts warn no web security system is infallible and the pilfering could have happened to any company.

"The best of the best have been hacked. It just needs the slight slip of a finger to create a vulnerability that hackers can get into," police national e-crime labs operations manger Bill Crane said.

The details were swiped from a website run by a contractor, something Mr Crane said was normally the safest way for a company to run their online data collation.

"Most companies don't even try to store data themselves. [They instead] source it out to a company that specialises in this."

Shell spokeswoman Jackie Maitland said the information obtained by the hackers was contained in online application forms for a Shell fuel card.

About 1400 customers in New Zealand and 4500 in Australia were believed to have been affected, she said.

The company became aware of the hacking which affected only new customers on February 17 and had contacted all the people concerned, Ms Maitland said.

"This has not happened to us before and we are very disappointed. Obviously we regret that some customers' personal details have been exposed."

Shell was unaware of anybody having their bank accounts accessed as a result of the theft.

Information garnered by the thieves could include customers' company names, addresses, email addresses and, in some cases, bank account details, Ms Maitland said.

Queensland police and the New Zealand police ecrime unit have been notified.

The incident with Shell should serve as a "wake-up call" for businesses gathering information online, Privacy Commissioner Marie Shroff said.

(STUFF-NZ)