British retailer WHSmith accidentally emailed hundreds of personal customer details to users

British retailer WHSmith accidentally emailed hundreds of personal customer details to users
Credit: WHSmith

A problem with a form on the UK retailer WHSmith’s website is resulting in masses of spam email and customer details being indiscriminately sent out to anyone who enquires about magazine subscriptions.

Of course, being the sort of patient, calm nation that the UK is, almost no one took to Twitter to complain. Oh, wait, yes they did. Loads of them.

Ever been to a tech festival?

TNW Conference won best European Event 2016 for our festival vibe. See what's in store for 2017.

Unfortunately, the company is refusing to publicly acknowledge the error so far and hasn’t confirmed what details are being sent out to other users – specifically, whether it’s names and addresses, or whether it includes any sort of payment details too.

We’d expect an error like this to be sorted pretty quickly, but a nationally recognized company like WHSmith really should be more careful with the way in which it handles data in the first place; it’s impossible to put data ‘back in the bottle’ once it has leaked.

We’ve asked WHSmith for a statement and will update when we hear back.

Update: We still haven’t had a response from WHSmith, but the company told The Register that:

We have been alerted to a systems processing bug by I-subscribe, who manage our magazine subscriptions. It is a bug not a data breach.

We believe that this has impacted fewer than 40 customers who left a message on the “Contact Us” page where this bug was identified, that has resulted in some customers receiving emails this morning that have been misdirected in error.

I-subscribe have immediately taken down their “Contact Us” online form which contains the identified bug, while this is resolved. I-subscribe are contacting the customers concerned to apologise for this administrative processing error.

We can confirm that this issue has not impacted or compromised any customer passwords or payment details and we apologise to the customers concerned.

Update 2: The issue has apparently been resolved, according to the company’s official Twitter account. 

➤ Twitter complaints

Read next: How a joke dating app for bearded men became an international sensation

Here's some more distraction

Comments