Customer Sues Sears For Data Breach
When it became known that retailer Sears, headquartered at Cook County III had a security breach on its ManageMyHome.com site leading to exposure of customer data; a resident of New Jersey filed a $5m lawsuit against the company.
Christine Desantis, a consumer of Sears' products who lodged the complaint alleged that the retailer's site made available details about ten purchases she conducted to any person capable of exploiting the security hole. However, she is not aware if the information had been actually viewed.
Desantis who filed the complaint on January 4, 2008 in Cook County III also alleged that the retailer's careless revelation of customer data demonstrated a violation of the Consumer Fraud Act along with breaking of the contract rules.
The complaint alleged that it is now very simple for anyone to access Sear clients' private purchase report, meaning that an inquisitive person could easily find out the amount his next door neighbor spent to obtain a new lawnmower or washing machine. More problems could arise if marketing companies harvest Sears' customer data from its website to help in detailed canvassing of products and warranties, it alleged.
Needless to say hackers could hunt for information and use it for ID theft and similar insidious crimes.
According to the complaint, the essence of the incident is that the retailing company failed to reasonably secure its customers' private information.
The complaint said that since fair dealing and good faith is implicit in Sears' contract, the company needs to disclose if and how much of consumers' personal information it makes publicly available and what steps it takes to secure such data. It says Sears not only fails to disclose this but also makes opposite disclosures. For it delineates on its site, specific circumstances - all of which do not match the current case - under which the retailer restricts sharing of customer information.
In early January this year, security researchers indicated that Sears was loading spyware on PCs of those consumers who subscribed to its 'community program' on MySHCCommunity.com. Then on January 3, 2008 it was further revealed that Sears' main site displayed customers' shopping history.
Related article: Customer’s Data Leaked Out of a UK Loan Website
» SPAMfighter News - 18-01-2008
We are happy to see you are reading our IT Security News.