Department Store Marks & Spencer Exposed Customer Data
Retailer // UK, UK
A technical glitch allowed the retailer’s customers to see one another's account details.
Customers posted messages on the Marks and Spencer's Facebook page to alert the chain to the data breach. They said they were able to see past orders and personal information of other customers online when they logged on to register their loyalty cards, a recently-launched store perk.
The company shut down its website for two hours after the troubles became apparent.
No customer financial details were compromised, the store said.
But some shoppers claimed they could see other people’s payment details. A spokeswoman said people might have been able to see the last four digits of another person’s payment card “for a brief moment”, but since the details were encrypted there was no security risk.
One customer, Russell Harding, wrote: “Well I tried to register my Sparks card but logged into my account and found another persons details, orders and personal information. This is more than a glitch in the system, this is totally reckless ... What I want to know is who has my information and now what can they do with it.”
Becky Connor, another shopper, posted on the page: “I also registered my card tonight to find that I could see at least another three customers’ details. Their name, address, telephone number, date of birth and what they have previously ordered. Not very good M&S.”
The company said that it would write to every customer affected to apologize and assure financial details are safe. “Its statement came after several shoppers called on M&S to provide reassurance that their details would not be misused,” according to the Guardian.
According to the Daily Mail, customers started complaining about a problem the night of Oct. 26.