The contact page has been deleted from the server by the looks of it...
OH DEAR, WHSmith: Sensitive customer data spaffed to world+dog
British newsagent WHSmith has a major privacy hole on its website, after its magazine subscription service began emailing everyone on the mailing list. The data protection howler has been flagged up on Twitter by plenty of angry customers who fear having their personal information plundered by wrongdoers. However, despite the …
COMMENTS
-
Wednesday 2nd September 2015 10:18 GMT Little Mouse
WHSmith?
Are they still a Thing?
I used to go there quite a lot when the Home Computer era started. Not so much these days though. I can't think of anything that they sell that I couldn't get cheaper / more conveniently elsewhere. Their presence on the High Street is doomed.
Good luck to them surviving in an on-line capacity. Oh. Oops.
-
Wednesday 2nd September 2015 12:56 GMT Peter Gathercole
Re: WHSmith?
You know, WH Smiths actually does have a place on the High Street. In many small towns, they are often the only book seller stocking current titles there, and what a lot of people don't realise is that the other news agents in any area almost certainly get their news papers and magazines delivered through the WH Smith distribution channels.
I'm not saying that I agree with the way that they are reducing the space set aside to books in the smaller stores, as they only really now stock the big name author and celebrity books. They may still have one or two books from a couple of dozen other authors, but you can guarantee that you will not be able to buy a complete series from anything other than the major stores. "Oh", they say when asked, "We can always order them in for you". Yes. I can do that too, and Amazon may be cheaper.
But I still value a shop on my High street that has reasonable range and quality of stationary, books, magazines, maps, and many other things, when the rest of the chains have abandoned towns with populations under 15,000, so I still go out of my way to buy things from them.
The problem that many people who don't visit small towns don't appreciate is that they are being abandoned by the large shopping chains. You could say that it's my fault for living in such a town, but it's 20+ miles as the crow flies to get to the next largest town, and the roads mean that it's 45 minutes each way. Buying from the Internet is fine, but if I have to do a 40-50 mile round trip, just to buy things over the counter, it can make life more complicated.
-
Wednesday 2nd September 2015 13:58 GMT werdsmith
Re: WHSmith?
They have a good magazine selection, when you can get near them. The problem being that there are saddos who will stand in front of the shelves for hours and seemingly read entire magazines to avoid buying it. The Stationery is hand, the book range in our small local one is good, they compete with Waterstones on the top selling fiction books, the Works on cheapo books and do a huge range of educational stuff supporting schools.
Kobos E-book readers. Snacks, confectionary and drinks.
Greetings cards. Toys and games.
And loads of other stuff.
They are having a good go at surviving on the High Street where many others haven't.
-
-
-
Wednesday 2nd September 2015 10:24 GMT Small Furry Animal
"It is a bug not a data breach."
So let's get this right:
1. We couldn't be bothered to check the code we updated. After all, it was only a small change; what could possibly go wrong?
2. It's only a data breach if those nasty hacker people do it. If we do it (and we're not saying we did) it's a minor operational error.
-
Wednesday 2nd September 2015 10:29 GMT TonyJ
Another one...
Getting tired of these muppets. First they sell or mishandle your data and then they sit back and claim it's not a breach and/or but nothing sensitive was misappropriated and/or... etc.
It's time the ICO grew a pair and hit them hard. It's also time where the companies in question were forced to provide credit monitoring subscriptions (and any necessary help) to anyone affected.
On a slightly related note my kids have been gathering up book tokens for a while. These are meant to be the 'universal' type that you can spend anywhere like WH Smiths or Waterstones. Which is true. Just don't expect to be able to spend them online... useful.
-
-
Wednesday 2nd September 2015 11:01 GMT TonyJ
Re: Another one...
You're obviously doing something right. I don't know how old your kids are but if they're hooked now they'll be hooked for the rest of their lives.
13 and 7. Both boys. The youngest loves to read. The eldest - it's a bit of a battle but one I think we are slowly winning.
Personally, I could easily imagine (and do) a life with no TV. But a life without books.... beyond comprehension. Although I confess to preferring the feel of a real book, I love the ease and simplicity of my kindle and the vast amount it can hold.
-
-
-
Wednesday 2nd September 2015 11:32 GMT TonyJ
Re: Another one...
Yes I keep having that trouble but with £5 notes. I've tried keying in the serial numbers but NOT ONE webtailer (is that a word?) will accept payment that way.
The difference being, I don't have bank notes in my wallet with instructions on them saying they can be used online. But I suppose it's easier to be sarcastic than find out further information, eh?
National book tokens...them's the beasties. Can be used online but only at Foyles when you do some digging.
-
-
Wednesday 2nd September 2015 12:09 GMT Phil_Evans
Re: Another one...
You neglected to mention how they have recently deserved top ranking in the 'Duty Free' debacle at our airports...."Excuse me (sir/madam) can I see your boarding pass so that I can shaft you by charging you VAT that we don't pay since you're a stupid foreigner"?
Low-value doesn't begin to describe this outfit.
...no data breach. My arse.
-
-
Wednesday 2nd September 2015 11:59 GMT Hollerith 1
Got a gazillion emails this morning: thank you WH Smith
I opened my intray to a load of emails G Data had thoughtfully flagged as spam. One had 'looklikeyouvebeenhacked@gmail,com' as its address. I last used WH Smith's subscription service in early July, so it's not just people who signed up in the last few days who are being hit.
-
Wednesday 2nd September 2015 12:09 GMT Joey M0usepad
sorry whats happening?
i dont get it.
"its magazine subscription service began emailing everyone on the mailing list."
what? so ?
there was a bit of a clue by one of the tweets suggesting that whatever you type into the site is forwarded to all the mail list. was that it?
can someone explain?
i need a dunce icon....
-
Wednesday 2nd September 2015 12:51 GMT VinceH
Re: sorry whats happening?
"i need a dunce icon..."
I don't think you do. I read the first few paragraphs of the article a couple of times wondering where to find the explanation of what was actually happening other than "its magazine subscription service began emailing everyone on the mailing list" - which is only a part of the actual story.
It wasn't until I read that tweet that I realised what was happening - then I read the preceding article again in case I'd missed the paragraph that explained it.
I hadn't.
"British newsagent WHSmith has a major privacy hole on its website, after its magazine subscription service began forwarding emails sent to it via its contact form to everyone on the mailing list."
Would be a more explanatory first paragraph.
One of the things I like about El Reg is that it presents stories in smaller, more bite-sized chunks than some other outlets - it takes less time to read an article. It's a shame when it becomes so bite-sized that an important detail is missing, though.
-
-
Wednesday 2nd September 2015 12:49 GMT heyrick
It is a bug not a data breach.
Most data breaches are the result of bugs.
However - were details of clients (other than the client using the form) disclosed? If so, it is a data breach. Not in the Ashley Madison sense of the term, but leaking just one customer's information is still a breach.
-
-
Wednesday 2nd September 2015 13:32 GMT Anonymous Coward
Re: Slightly disappointed by the ICO
Slightly disappointed by the ICO
To be fair to the ICO, you have to remember that they were only really set up prior to the days of large scale on-line fraud and privacy abuse, with a main purpose of investigating intentional mis-use of your data by the marketing dweebs. We can dress that up with the full scope of the DPA, amd talk about consent and proper processing, but in reality the DPA was drafted back in 1997 by civil service amateurs who wouldn't know one end of a computer from t'other. Any relevance to real 2015 problems of spam, identity theft, fraud, and privacy incidental, and shows up in that the ICO is both under-armed and under-resourced to fight large businesses on matters of privacy and real data protection.
-
-
Thursday 3rd September 2015 03:55 GMT Anonymous Coward
Re: Slightly disappointed by the ICO
Agreed. It must be more cost effective to harvest data breaches than send MI5 out on shakedown sprees of general public, so Official Response is Public concern but Private glee. Talk-a-lot but do-nothing.
After all, each individual can only lose his/her personal data once; so it's just a matter of time.
-
-
-