That Didn't Take Long At All: Sears Sued For Data Breach
from the $5-million,-please dept
Well, that didn’t take very long at all. Late last week, it came out that Sears.com was revealing past purchases to anyone who knew your name, address and phone number — a violation of Sears’ own privacy policy. And, by Monday, we have a $5 million class action lawsuit against Sears. While I do think Sears made a huge mistake here, the class action lawsuit seems a bit extreme. There’s no evidence that anyone was actually hurt by this — and while it was a dumb move by Sears, it’s not difficult to understand how it likely came about. Chances are Sears will settle this quickly just to get it out of the news, but really the only winners will be (as per usual) the lawyers.
Filed Under: class action, data breach, privacy
Companies: sears
Comments on “That Didn't Take Long At All: Sears Sued For Data Breach”
well..
While there may be no current evidence to state that anybody was hurt by this, we have to add ‘yet’ to that statement.
In order to protect the identity of others, Sears should have fixed that the moment it was found.
They didn’t, they had over a week to fix it, they didn’t, so they have to take it up the rear for their mistakes.
Um…exactly how did it not “protect the identity of others” since you had to know their name, address and phone number? Hello…grab a phonebook dude…you gonna sue YellowBook next?
Re: Re:
Yeah, that’s the point. With no more information than what can be obtained from the phonebook, I can see a person’s entire purchase history from Sears. If I wanted to, I could open up the phonebook and see the purchase history of every person in the city. While I don’t know what, exactly, could be done to ‘hurt’ someone using their purchase history, it is still a violation of the privacy policy that needs to be addressed. At the very least, it could lead to embarrassment.
Frankly, Mr. Lamper needs to go down. As a former Sears employee, I would like to see nothing more than that moron’s world come crashing down around him.
Re: Re: Look at That! New HDTV!
How can someone be hurt by this?
Hmm, let me see…
Stanley & Vivian Thusandsuch just bought a 65″ Samsung…
I have their address…
How long would it take a “mildly-crafty” thief to pull that one off?
Re: Re: Re: Look at That! New HDTV!
It was probably a lot easier for that “mildly-crafty” thief to see the huge TV box sitting on the curb on trash day.
Re: Re: Re:2 Look at That! New HDTV!
But that would be a privacy breach by the purchaser of the TV, not Sears. In this case, it was Sears that made the privacy breach that could lead to the decreased security of the customer’s home. Think before you type.
Re: Re: Re: Look at That! New HDTV!
But could you truly fault Sears? Is it possible that by putting out the cardboard box on garbage-day the home-owner provided the same information to would-be thieves?
I see it all the time: oh, the guy living at #33 on such & such a street just got a brand new laser printer… chances are there is a computer too. Your shopping habits are far from secret; I only have to follow you home from the big-box store to know where you take that HDTV.
Class Action Suit?
While I am all against large companies leaking any data like this, I do not agree with a Class Action Lawsuit.
The stupid lawyer who is filing this is going to keep at least half for “legal fee” bull .. poo.
Lawyers are ruining us, one frivolous lawsuit at a time.
Don’t class action lawsuits need people that were hurt by something to be filed?
How can the lawyer prove all the people that were affected and get them to join to make this an actual case?
Did he just sit there plugging in names from a phone book until he had enough?
It’s just a lawyer money grab.
Re: Class Action Suit?
While I am all against large companies leaking any data like this, I do not agree with a Class Action Lawsuit.
While I do agree with you that we’re being ruined by an excess of lawyers who need to make work for themselves, this is a case where the privacy-apathetic company needs to be slapped down for a) putting something like that up for public use without thinking it through first and then b) failing to fix or remove it immediately once a leak of private information was identified. Is a class-action suit the best way to do so? Maybe, maybe not. I don’t know. But just ignoring it and hoping they’ll eventually get around to plugging up the holes would not have accomplished anything.
Cut 'em Some Slack
While the name Sears may conjure up images of Kenmore appliances, Bob Vila pitching Craftsman tools and questionable fashions, Sears is a decent business that offers a whole lot of quality goods, often at lower prices than their “upscale” competitors. I can cut them a lot of slack for this apparently minor breach mostly for one reason – they are one of the few businesses that has always paid people who have been called to active duty in the US military.
When members of the National Guard from a number of states were called to serve in Iraq, the deployment disrupted a whole lot of families. Many of the men and women called to duty are married and have settled into their lives. Families of Sears employees who were called up continued to receive the regular paycheck of the family member who was called. To me, that’s the right thing to do and I will always support this business, if for no other reason than to thank them for their patriotism.
Re: Cut 'em Some Slack
I had no idea they did this. I have never heard of any business/company doing this. It certainly sways me over to their side.
The first anonymous coward was whining that Sears did nothing to protect the identity of others…
In order to protect the identity of others, Sears should have fixed that the moment it was found.
Sears did nothing to divulge the identity of anyone was my point. They may not have reacted fast enough to protect the identity of the purchases of its customers, but they didn’t divulge the identity of those customers to begin with.
It doesn't matter that nobody got hurt
The point is that Sears intentionally disclosed customer data. This could not be attributed to incompetence. If it is incompetence, then this level of incompetence should be criminalized.
The officers and directors at Sears need at least 90 days in Joe Arpaio’s jail for this. Maybe $1Billion is an adequate fine.
There is absolutely no excuse for this. None!
PIE!!!!!!!!
It doesn't matter that nobody got hurt
I concur. To borrow a line from “American Treasure”,
Somebody’s got to go to prison. If not for this,
then for the spyware that they’re peddling.
Until Cxx-level executives are held personally
responsible for this kind of nonsense, it will continue.
Nobody will lose their job. Nobody will lose their
golden parachute. Nobody will lose anything — except
the victims, who have already lost anyway.
So yeah, I recognize that the lawyers bringing this
suit may ultimately turn out to be the only people who
benefit from it. I’m fine with that, as long as it
inflicts serious pain on Sears. My disappointment is
really (a) the amount is 100X too small and (b) it’s
a civil action, so none of the Sears executives will
shortly be calling an 8×8 box “home”.
So a class action lawsuit against Sears because it was easy to see what you bought.
Meanwhile other companies (and the government, in Ohio I believe it was) leak credit card information and social security numbers and don’t even get fined.
Yea, this isn’t a money grab at all.
Good! Let the lawsuit begin!
I don’t believe the lawsuit is a bad thing. If ANYTHING comes out of this, it’s a black eye for Sears for deliberately screwing over its most prized asset: its consumers.
I despise it when companies do this. There was NO REASON for Sears to even want this data, let alone the politeness of just asking if it were okay to capture it.
With T&Cs getting so verbose anymore, it has just become second nature to say “No” to everything, even if it means not ordering anything.
In this day of identity theft, NO personal information should be taken without permission regardless how “safe” it may seem.
For the poster who made the comment about YellowPages, sure, go get my information that way.
Oh, wait. You can’t. I don’t publish my information.
Had I signed up to Sears’ smoke and mirror tactics of “community”, I would have been boned with even more mailbox junk at the least.
Now, if someone can start a “war” on why, all of a sudden, Verizon is allowing unsolicited text ads and making consumers pay for them.
I had to stop all texting features because of it!
DOWN WITH ADVERTISING!
Wipe it please!
I’m sorry this was not a “mistake”, they exposed all purchase histories, from what I heard. So even if the person had not created an account for the site the purchase histories were available.
To get access and provide an infrastructure to this data is not trivial even without addressing security issues, which as this blunder illustrates were probably never considered.
Screw Sears and any company that abuses the legal vacuum that is privacy. Me, I don’t think it should be legal for companies to retain personal information, at all without written content, renewed even 6 months.
Loser Lawsuits
Once again we see people trying to get rich quick. Although I cannot say Sears was in the wrong, I can’t help but think the customer is reaching for the stars. I have had friends like this… looking to make a lifestyle out of a simple mistake… not knowing the steps that were taken, the reaction received from the company… I can only look back to other events I have seen… like getting a trip to Disneyland as payment for lost pictures at a photo lab… people expect to get the world handed to them, and in the end it costs us all.
I’m afraid of Americans and their lawsuits.
Re: Re:
And Canadians and theirs as well…. hope I spelled it right for you this time… lol
RE: Wipe it please
Quite frankly, I like Sears and enjoy shopping there…it’s one of the few stores left that cares about their customers. What I don’t like is the ridiculous language used from some of the earlier posts i.e. “they exposed all purchase histories”; “Screw Sears and any company that abuses the legal vacuum that is privacy”. There would only be abuse here if they threw this stuff out for all to see, which apparently isn’t the case–>people figured out a way to exploit the system.
RE: Wipe it please
“I don’t think it should be legal for companies to retain personal information, at all without written content”–guess you also wanna give up your ability to return items since removing this info also removes your proof of purchase. You give them written consent when you type in the forms and agree to Terms and Conditions, just like anywhere else BTW.
Upon receiving my credit report, I noticed someone had used my name and had a current account of a maximum of $10,000! Calling the Sears data center, “NO-ONE” knew my name! As I look on this first report of suing them, it might be an option I might consider taking.
customer information
Before it became law, Sears printed complete account numbers on sales checks. As an employee, we could use what was called a three-part copy slip. This gave the account numbers to the delivery services, employees working on the dock and merchandise pick-up. We as sales people were encouraged to make these copies (to cover our own butts). There are thousands of employees and former employees with this information.