The party is ON! Join us at TNW Conference 2021 in Amsterdam for face-to-face business!

The heart of tech

This article was published on September 2, 2015

British retailer WHSmith accidentally emailed hundreds of personal customer details to users

British retailer WHSmith accidentally emailed hundreds of personal customer details to users
Ben Woods
Story by

Ben Woods

Europe Editor

Ben is a technology journalist with a specialism in mobile devices and a geeky love of mobile spectrum issues. Ben used to be a professional Ben is a technology journalist with a specialism in mobile devices and a geeky love of mobile spectrum issues. Ben used to be a professional online poker player. You can contact him via Twitter or on Google+.

A problem with a form on the UK retailer WHSmith’s website is resulting in masses of spam email and customer details being indiscriminately sent out to anyone who enquires about magazine subscriptions.

Of course, being the sort of patient, calm nation that the UK is, almost no one took to Twitter to complain. Oh, wait, yes they did. Loads of them.

https://twitter.com/acidbleeps/status/639001905285464064

Unfortunately, the company is refusing to publicly acknowledge the error so far and hasn’t confirmed what details are being sent out to other users – specifically, whether it’s names and addresses, or whether it includes any sort of payment details too.

We’d expect an error like this to be sorted pretty quickly, but a nationally recognized company like WHSmith really should be more careful with the way in which it handles data in the first place; it’s impossible to put data ‘back in the bottle’ once it has leaked.

We’ve asked WHSmith for a statement and will update when we hear back.

Update: We still haven’t had a response from WHSmith, but the company told The Register that:

We have been alerted to a systems processing bug by I-subscribe, who manage our magazine subscriptions. It is a bug not a data breach.

We believe that this has impacted fewer than 40 customers who left a message on the “Contact Us” page where this bug was identified, that has resulted in some customers receiving emails this morning that have been misdirected in error.

I-subscribe have immediately taken down their “Contact Us” online form which contains the identified bug, while this is resolved. I-subscribe are contacting the customers concerned to apologise for this administrative processing error.

We can confirm that this issue has not impacted or compromised any customer passwords or payment details and we apologise to the customers concerned.

Update 2: The issue has apparently been resolved, according to the company’s official Twitter account. 

➤ Twitter complaints