This article was published on September 2, 2015

British retailer WHSmith accidentally emailed hundreds of personal customer details to users


British retailer WHSmith accidentally emailed hundreds of personal customer details to users

A problem with a form on the UK retailer WHSmith’s website is resulting in masses of spam email and customer details being indiscriminately sent out to anyone who enquires about magazine subscriptions.

Of course, being the sort of patient, calm nation that the UK is, almost no one took to Twitter to complain. Oh, wait, yes they did. Loads of them.

https://twitter.com/acidbleeps/status/639001905285464064

The <3 of EU tech

The latest rumblings from the EU tech scene, a story from our wise ol' founder Boris, and some questionable AI art. It's free, every week, in your inbox. Sign up now!

Unfortunately, the company is refusing to publicly acknowledge the error so far and hasn’t confirmed what details are being sent out to other users – specifically, whether it’s names and addresses, or whether it includes any sort of payment details too.

We’d expect an error like this to be sorted pretty quickly, but a nationally recognized company like WHSmith really should be more careful with the way in which it handles data in the first place; it’s impossible to put data ‘back in the bottle’ once it has leaked.

We’ve asked WHSmith for a statement and will update when we hear back.

Update: We still haven’t had a response from WHSmith, but the company told The Register that:

We have been alerted to a systems processing bug by I-subscribe, who manage our magazine subscriptions. It is a bug not a data breach.

We believe that this has impacted fewer than 40 customers who left a message on the “Contact Us” page where this bug was identified, that has resulted in some customers receiving emails this morning that have been misdirected in error.

I-subscribe have immediately taken down their “Contact Us” online form which contains the identified bug, while this is resolved. I-subscribe are contacting the customers concerned to apologise for this administrative processing error.

We can confirm that this issue has not impacted or compromised any customer passwords or payment details and we apologise to the customers concerned.

Update 2: The issue has apparently been resolved, according to the company’s official Twitter account. 

➤ Twitter complaints

Get the TNW newsletter

Get the most important tech news in your inbox each week.

Published
Back to top