The two online shopping websites were hacked between April 23 and May 10 and customers' data including names, addresses, phone numbers and credit card information may have been leaked, according to the operator of the two fast-fashion brands.
"We deeply apologize to our customers and pledge to prevent this from happening again," the company said in a statement.
Fast Retailing has taken measures to block the unauthorized access and invalidate the passwords of the breached accounts.
It also asked all customers who were affected to reset their passwords for their accounts at the company's online stores.
Fast Retailing said there have been no reports of information being used by a third party so far.
However, the company said identification numbers and passwords previously leaked from other website operators may have been used in the unauthorized access.