UK Web shoppers' details exposed
Published: 13 Aug 2002 09:42 BST
A list of more than 1,800 Web users and their personal details has been left at an extension of www.ukshops.co.uk, an online shopping mall that directs buyers to well-known names such as Boots, Comet, Debenhams and Interflora.
On display are users' names, email addresses, postal addresses, gender and age group.
Following an investigation by silicon.com, the UK Information Commissioner's Office has agreed to act on behalf of the thousands of consumers who have had their details exposed.
Faye Spencer, a compliance manager at the Information Commissioner's Office, told silicon.com: "This is a breach of (the Data Protection Act's) Principal 7, which states companies must take 'appropriate measures' to make sure this type of breach doesn't occur."
She said normally it would take an individual affected by such a gaffe to contact the body for it to take action but added that now the agency has been notified it will pursue the offending company.
Silicon.com heard about the security blunder from a reader called Derek (whose surname has been withheld for legal reasons), himself a lawyer, who was surfing sites after he entered his name into a search engine. He said: "I came across this link and I am outraged."
The technical reason for the breach -- relating to directory structures -- isn't complicated. Neil Barrett, security expert and technical director at consultancy IRM, said: "This is a bit of a collector's piece. We see this type of thing a lot less than we used to."
Legal experts aren't impressed. Keith Lewington, a partner at Shoosmiths law firm, said: "It's hard to see how there could be a more flagrant breach (of the Data Protection Act)."
He added that the situation highlights "the toothlessness of the information commissioner -- they won't do something unless someone complains."
Mike Pullen, partner in the Regulatory Group at law firm DLA, said: "The information commissioner should be prosecuting in cases like this."
It is not known why the data has been exposed. Although it is likely to be a Webmaster error, it could be a case of a disgruntled employee -- or former employee.
Unfortunately, the company responsible for www.ukshops.co.uk and owner of the UK Shopping City and UK Shopping Centre brands, named online as Yorkdale Limited, is unlisted and uncontactable. Emails to the addresses and calls to numbers listed were not answered on Monday.
The Information Commissioner's Office said it will now try to track down the offending e-tailer, or whoever is hosting the Web site should the company have gone bust.
Have your say instantly, and see what others have said. Go to the ZDNet news forum.
Let the editors know what you think in the Mailroom.
Did you find this article useful?
21 out of 68 people found this useful
- Share this article:
