WHSmith Blames ‘Administrative Error’ For Privacy Mishap

LegalRegulationSecuritySecurity Management
0 0 No Comments

British newsagent denies data breach after customer information is reportedly emailed to its entire mailing list

High Street newsagent WHSmith has admitted to a serious privacy mishap after a misconfigured web page triggered a mass email to its entire mailing list.

It has reportedly blamed the mistake on an “administrative error”. But the company angered many online when it insisted it was not a “data breach”.

Admin Error

The WHSmith data breach happened after a problem with the “contact us” form on its magazine website.

Whistleblower leak keyboard security breach © CarpathianPrince ShutterstockIt seems that when information was typed into the web page, the completed form was supposed to transmitted to WHSmith itself. But instead, the form was reportedly emailed to the entire WHSmith mailing list.

This prompted an angry response on Twitter from users concerned about their data privacy.

“Unfortunate that every time someone emails @WHSmith about magazine subscriptions it’s going to *everyone* on the database. Details too,” tweeted one user.

WHSmith eventually admitted to the problem and Tweeted “We can confirm that the issue with the contact form on the WHS Magazines site is resolved.”

WHSmith did not respond directly to TechweekEurope at the time of writing. But the company issued the following statement on Facebook.

“We have been alerted to a systems bug by I-subscribe who manage our magazine subscriptions,” said WHSmith.

“This is not a data breach,” said the company. “We can confirm that this has impacted 22 customers. I-subscribe have immediately taken down this online form and are contacting the customers concerned to apologise for this administrative error. This issue has not impacted or compromised any customer passwords or payment details.”

No Data Breach?

WHSmith’s attempt to downplay the seriousness of the event and insist it was not a data breach has not gone down well with some people.

“Given that I have received emails from more than 22 different email addresses this would demonstrate that this has impacted more than you have suggested,” wrote Bea Ossei on Facebook. “Also I have never had a subscription with you guys so why have I been receiving these emails. Your comms throughout this process has been shocking.”

“Not sure how exactly this hasn’t breached data protection,” wrote Clare Hubert. “Customers names, email addresses and telephone numbers have been sent out to alot of email addresses and d be pretty peeved if it was my details being sent out! With that information someone could easily call a customer and pretend to do a magazine subscription and take card details! This is appalling service! I hope from this no unsuspecting person is scammed!”

No doubt, WHSmith will soon have to field a call from the Information Commissioner’s Office (ICO), which tweeted this afternoon that it was already looking into the breach.

Try our privacy quiz. We won’t tell anyone!


Author: Tom Jowitt
Click to read the authors bio  Click to hide the authors bio