3200 customers of the Perth Mint have had their personal data hacked.
The mint says the breach involved the system of a third-party technology provider.
Authorities including the Australian Federal Police are investigating.
The personal details of thousands depository customers at the Perth Mint, those holding precious metals, have been hacked.
The Perth Mint confirmed that 3200 Depository Online customers had their information put at risk and that cyber-crime experts had been called in.
CEO Richard Hayes says forensic investigations continue into the data breach on the system of a third-party technology provider.
"While we are extremely disappointed, we have again assured our customers that their investments are unaffected and remain safe and secure," he says.
Hayes says there is no evidence to suggest the mint’s own internal systems have been compromised.
"We are continuing to work with the third-party provider to understand how this breach has occurred and we will continue to work with the authorities, including the Australian Federal Police," he says.
"I can assure our customers there is no threat to any account holdings at The Perth Mint and none of our data systems have been breached."
The Depository Online investors represent a small subset of Perth Mint's customer base.
Perth Mint, Australia's official bullion mint, opened in 1899 as a branch of Britain's Royal Mint to refine gold from Western Australia's goldfield and to mint gold sovereigns.
Garrett O'Hara, Principal Technical Consultant at Mimecast, says the data breach highlights the risk of third party services.
"Businesses are operating in extremely complex risk environments in terms of their in-house risk, and exposure through their supply-chain and third party services," he says.
"This is a significant challenge for businesses to audit, and even more difficult to remediate when problems occur."
One of Australia's biggest hacks also involved a service provider, PageUp, the supplier of a recruitment platform to some of Australia’s biggest companies and government agencies.
The extent of that incident was kept secret by PageUp and by Australian authorities, including the Office of the Australian Information Commissioner, but subsequent analysis shows the personal details of hundreds of thousands of job seekers were at risk.