WHSmith Contact Us Sends Email To Companies Mailing List

Online shopping is a big thing, and companies like to keep track of what you’re buying and even send you the odd offer here or there, you brought a TV so why not buy a sound system for 20% less? Normally these offers mean we sign up with some sort of password and email combination, and you expect them to store these and be safe. In recent years we’ve seen some sites hacked and their details published online, but today it would seem that WHSmiths has taken it a step further with their contact us form emailing everyone who had registered for magazines with the company!

In a statement, WHSmiths stated that “I-subscribe [the company responsible for their magazine subscriptions] have immediately taken down their ‘Contact Us’ online form which contains the identified bug, while this is resolved”. They stressed in their discussion with the Guardian newspaper that it was “a bug not a data breach”.

The emailed not only included the information such as the person’s name and the message they wished to send but was sent to a large list of contacts, thus exposing their details to a wider than wanted audience.  Some of the earlier messages contained not only their real names and emails but also postal addresses and phone numbers.

With data security at its highest and customers, both paying, and interested parties, worried about the extensive breaches and accidents, will companies soon look at different ways of storing information where these accidents could happen less?

Thank you The Guardian for the information.

Image courtesy of Corporate Marks and Spencers.