Hue added that Australia Post needs to use better data encryption tools as encryption allows the merchant to mask critical and identifiable information while the data is in use and in transit.

"While I do not believe any financial or personal information is at risk, some of these details can be engineered in a spear phishing attack," he said.

Hue pointed out that customer invoices also contain a significant amount of useful information which can be mined, again, to launch targeted attacks.

In a statement, an AusPost spokesperson said the Click and Send site had been temporarily deactivated and it hoped to have the service back up and running "as soon as possible".

"Australia Post would like to reassure Click and Send customers that at no stage were their financial details compromised," an AusPost spokesperson said.