Monday, 20 March 2017

Saks Fifth Avenue Customer Email Addresses Posted Publicly

The email addresses for thousands of Saks Fifth Avenue customers were sitting on the retailer’s website, unencrypted, for an unknown period of time.

BuzzFeed News reports that the list, which has since been removed from the internet, was likely created as a result of Saks’ parent company Hudson’s Bay sorting customer information into plain text on its servers.

While the information didn’t include payment information for customers, it did contain several IP addresses and product codes for items that customers had expressed interest in purchasing.

BuzzFeed News reports that the information was removed after the publication contacted Hudson’s Bay for comment.

“We take this matter seriously,” an HBC spokesperson told BuzzFeed News. “The security of our customers is of utmost priority and we are moving quickly and aggressively to resolve the situation, which is limited to a low single-digit percentage of email addresses. We have resolved any issue related to customer phone numbers, which was an even smaller percent.”

The retailer added that it has teams dedicated to the security of customers’ data, including following “industry best practices for information security.”

BuzzFeed also alleges that some pages on the Saks site were not properly secured, potentially leaving online shoppers vulnerable. The article is not clear on whether that issue has been addressed by Saks or HBC. We’ve written to the company for clarification and will update if we receive a response.


by Ashlee Kieler via Consumerist

No comments:

Post a Comment