back to article OH DEAR, WHSmith: Sensitive customer data spaffed to world+dog

British newsagent WHSmith has a major privacy hole on its website, after its magazine subscription service began emailing everyone on the mailing list. The data protection howler has been flagged up on Twitter by plenty of angry customers who fear having their personal information plundered by wrongdoers. However, despite the …

  1. Vince

    The contact page has been deleted from the server by the looks of it...

  2. mark 120

    "It's a bug not a data breach"

    Good luck getting that accepted by the ICO.

  3. John H Woods

    "It is a bug not a data breach." The first part of the sentence is true, the second part is an outright falsehood. I do not understand how organisations are allowed to get away with making such statements.

    1. Steven Raith

      £5 says that PR != technical, but are allowed to make public statements without checking the veracity of them nonetheless because making it sound OK to the public is better than admitting that it's actually really, really rather bad.

      Steven R

    2. Alan Brown Silver badge
      Devil

      " I do not understand how organisations are allowed to get away with making such statements."

      Who says they will? :)

  4. m0rt

    NEW MEME!

    "It is a bug not a data breach."

  5. Anonymous Coward
    Anonymous Coward

    Yeah but

    What about my Razzle subscription?

    1. Anonymous Coward
      Anonymous Coward

      Re: Yeah but

      What about your Razzle Subscription?

    2. Anonymous Coward
      Anonymous Coward

      Re: Yeah but

      According to their website, the next issue should be with you in a few days...

  6. Little Mouse

    WHSmith?

    Are they still a Thing?

    I used to go there quite a lot when the Home Computer era started. Not so much these days though. I can't think of anything that they sell that I couldn't get cheaper / more conveniently elsewhere. Their presence on the High Street is doomed.

    Good luck to them surviving in an on-line capacity. Oh. Oops.

    1. Peter Gathercole Silver badge

      Re: WHSmith?

      You know, WH Smiths actually does have a place on the High Street. In many small towns, they are often the only book seller stocking current titles there, and what a lot of people don't realise is that the other news agents in any area almost certainly get their news papers and magazines delivered through the WH Smith distribution channels.

      I'm not saying that I agree with the way that they are reducing the space set aside to books in the smaller stores, as they only really now stock the big name author and celebrity books. They may still have one or two books from a couple of dozen other authors, but you can guarantee that you will not be able to buy a complete series from anything other than the major stores. "Oh", they say when asked, "We can always order them in for you". Yes. I can do that too, and Amazon may be cheaper.

      But I still value a shop on my High street that has reasonable range and quality of stationary, books, magazines, maps, and many other things, when the rest of the chains have abandoned towns with populations under 15,000, so I still go out of my way to buy things from them.

      The problem that many people who don't visit small towns don't appreciate is that they are being abandoned by the large shopping chains. You could say that it's my fault for living in such a town, but it's 20+ miles as the crow flies to get to the next largest town, and the roads mean that it's 45 minutes each way. Buying from the Internet is fine, but if I have to do a 40-50 mile round trip, just to buy things over the counter, it can make life more complicated.

      1. werdsmith Silver badge

        Re: WHSmith?

        They have a good magazine selection, when you can get near them. The problem being that there are saddos who will stand in front of the shelves for hours and seemingly read entire magazines to avoid buying it. The Stationery is hand, the book range in our small local one is good, they compete with Waterstones on the top selling fiction books, the Works on cheapo books and do a huge range of educational stuff supporting schools.

        Kobos E-book readers. Snacks, confectionary and drinks.

        Greetings cards. Toys and games.

        And loads of other stuff.

        They are having a good go at surviving on the High Street where many others haven't.

      2. Teiwaz

        Re: WHSmith?

        They are still one of the few places with a decent selection of pens.

        RE: the smaller stock of books, this was inevitable when the superstores started selling books, and they very much only stock 'bestsellers'.

    2. splodge

      Re: WHSmith?

      WHSmith?

      The High Street is doomed.

      FTFY ;)

  7. Small Furry Animal

    "It is a bug not a data breach."

    So let's get this right:

    1. We couldn't be bothered to check the code we updated. After all, it was only a small change; what could possibly go wrong?

    2. It's only a data breach if those nasty hacker people do it. If we do it (and we're not saying we did) it's a minor operational error.

  8. TonyJ

    Another one...

    Getting tired of these muppets. First they sell or mishandle your data and then they sit back and claim it's not a breach and/or but nothing sensitive was misappropriated and/or... etc.

    It's time the ICO grew a pair and hit them hard. It's also time where the companies in question were forced to provide credit monitoring subscriptions (and any necessary help) to anyone affected.

    On a slightly related note my kids have been gathering up book tokens for a while. These are meant to be the 'universal' type that you can spend anywhere like WH Smiths or Waterstones. Which is true. Just don't expect to be able to spend them online... useful.

    1. Small Furry Animal
      Thumb Up

      Re: Another one...

      On a slightly related note my kids have been gathering up book tokens for a while.

      You're obviously doing something right. I don't know how old your kids are but if they're hooked now they'll be hooked for the rest of their lives.

      1. TonyJ

        Re: Another one...

        You're obviously doing something right. I don't know how old your kids are but if they're hooked now they'll be hooked for the rest of their lives.

        13 and 7. Both boys. The youngest loves to read. The eldest - it's a bit of a battle but one I think we are slowly winning.

        Personally, I could easily imagine (and do) a life with no TV. But a life without books.... beyond comprehension. Although I confess to preferring the feel of a real book, I love the ease and simplicity of my kindle and the vast amount it can hold.

        1. Hollerith 1

          Re: Another one...

          @TonyJ: give your older boy "The Cry of the Icemark". It is the most exciting adventure story I or my nephews (who were 11 and 14 when they both read it) have come across. If it doesn't glue the older lad to his book, give up on him being a reader!

    2. TheProf
      Devil

      Re: Another one...

      " Just don't expect to be able to spend them online... useful."

      Yes I keep having that trouble but with £5 notes. I've tried keying in the serial numbers but NOT ONE webtailer (is that a word?) will accept payment that way.

      1. TonyJ

        Re: Another one...

        Yes I keep having that trouble but with £5 notes. I've tried keying in the serial numbers but NOT ONE webtailer (is that a word?) will accept payment that way.

        The difference being, I don't have bank notes in my wallet with instructions on them saying they can be used online. But I suppose it's easier to be sarcastic than find out further information, eh?

        National book tokens...them's the beasties. Can be used online but only at Foyles when you do some digging.

    3. Phil_Evans

      Re: Another one...

      You neglected to mention how they have recently deserved top ranking in the 'Duty Free' debacle at our airports...."Excuse me (sir/madam) can I see your boarding pass so that I can shaft you by charging you VAT that we don't pay since you're a stupid foreigner"?

      Low-value doesn't begin to describe this outfit.

      ...no data breach. My arse.

    4. Alan Brown Silver badge

      Re: Another one...

      "It's time the ICO grew a pair and hit them hard."

      Hopefully the factor of attempting to claim it's not a breach instead of owning up to it, will result in them whacking a bit harder.

      1. Anonymous Coward
        Anonymous Coward

        Re: Another one...

        "It's time the ICO grew a pair and hit them hard."

        If taken literally, that sounds rather painful.

  9. Marcus Bointon
    WTF?

    At least I don't think WHSmith is the ICO...

    "...had turned itself into the ICO"

    That would have been quite a feat - did you mean "...had turned itself in to the ICO"?

    1. Joey M0usepad Silver badge

      Re: At least I don't think WHSmith is the ICO...

      Two wizards were walking down the street, then one of them turned into a shop

      1. Richard Taylor 2

        Re: At least I don't think WHSmith is the ICO...

        One of those mysterious shops that just appear one day and are gone when you try to return the items (with apologies to Pt)

  10. Hollerith 1

    Got a gazillion emails this morning: thank you WH Smith

    I opened my intray to a load of emails G Data had thoughtfully flagged as spam. One had 'looklikeyouvebeenhacked@gmail,com' as its address. I last used WH Smith's subscription service in early July, so it's not just people who signed up in the last few days who are being hit.

  11. Joey M0usepad Silver badge
    WTF?

    sorry whats happening?

    i dont get it.

    "its magazine subscription service began emailing everyone on the mailing list."

    what? so ?

    there was a bit of a clue by one of the tweets suggesting that whatever you type into the site is forwarded to all the mail list. was that it?

    can someone explain?

    i need a dunce icon....

    1. VinceH

      Re: sorry whats happening?

      "i need a dunce icon..."

      I don't think you do. I read the first few paragraphs of the article a couple of times wondering where to find the explanation of what was actually happening other than "its magazine subscription service began emailing everyone on the mailing list" - which is only a part of the actual story.

      It wasn't until I read that tweet that I realised what was happening - then I read the preceding article again in case I'd missed the paragraph that explained it.

      I hadn't.

      "British newsagent WHSmith has a major privacy hole on its website, after its magazine subscription service began forwarding emails sent to it via its contact form to everyone on the mailing list."

      Would be a more explanatory first paragraph.

      One of the things I like about El Reg is that it presents stories in smaller, more bite-sized chunks than some other outlets - it takes less time to read an article. It's a shame when it becomes so bite-sized that an important detail is missing, though.

      1. Joey M0usepad Silver badge

        Re: sorry whats happening?

        ah thanks Vince . That tweet tweet did hint at that happening , but I thought " thats a bizzarre and unfortunate bug . too bizzare! how could that even happen?"

        1. Anonymous Coward
          Anonymous Coward

          Re: sorry whats happening?

          Sounds like they had the software set to "email comment thread" instead of "subscribe".

  12. Crisp

    "It is a bug not a data breach."

    Why not both?

  13. NanoMeter
    Trollface

    +dogs

    What would happen if dogs see the sensitive consumer data?

  14. heyrick Silver badge
    Megaphone

    It is a bug not a data breach.

    Most data breaches are the result of bugs.

    However - were details of clients (other than the client using the form) disclosed? If so, it is a data breach. Not in the Ashley Madison sense of the term, but leaking just one customer's information is still a breach.

  15. Anonymous Coward
    Anonymous Coward

    Slightly disappointed by the ICO

    I'd hoped to hear that it would take them a while to get around to this fairly minor breach owing to the effort they were putting into the rather more outrageous Windows 10 (and now 7/8 as well) "telemetry" privacy invasions. Alas not, it seems.

    1. Anonymous Coward
      Anonymous Coward

      Re: Slightly disappointed by the ICO

      Slightly disappointed by the ICO

      To be fair to the ICO, you have to remember that they were only really set up prior to the days of large scale on-line fraud and privacy abuse, with a main purpose of investigating intentional mis-use of your data by the marketing dweebs. We can dress that up with the full scope of the DPA, amd talk about consent and proper processing, but in reality the DPA was drafted back in 1997 by civil service amateurs who wouldn't know one end of a computer from t'other. Any relevance to real 2015 problems of spam, identity theft, fraud, and privacy incidental, and shows up in that the ICO is both under-armed and under-resourced to fight large businesses on matters of privacy and real data protection.

      1. Alan Brown Silver badge

        Re: Slightly disappointed by the ICO

        ...the ICO is _deliberately_ both under-armed and under-resourced...

        There, FTFY.

        1. Anonymous Coward
          Anonymous Coward

          Re: Slightly disappointed by the ICO

          Agreed. It must be more cost effective to harvest data breaches than send MI5 out on shakedown sprees of general public, so Official Response is Public concern but Private glee. Talk-a-lot but do-nothing.

          After all, each individual can only lose his/her personal data once; so it's just a matter of time.

      2. Quip

        Re: Slightly disappointed by the ICO

        The original DPA was in 1984, and was even more clueless. It hadn't noticed the personal computer at all let alone the internet.

  16. John 61
    FAIL

    just a thought...

    ICO=Incompetent Cop Out

  17. Trigonoceps occipitalis

    I Can't Believe

    No one has said "Its a feature!"

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like