Sears Holdings has come under fire from privacy advocates for making the purchase history of its customers publicly available on its Managemyhome.com Web site.
Manage My Home is a community portal where Sears shoppers can download product manuals, find product tips, and get home renovation ideas.
The Web site has a feature called "Find your products" that lets users look up past purchases. Ostensibly, this is designed to help customers keep track of items they've bought from the retailer, but the site also lets them look up the purchase histories of other people.
"Sears offers no security whatsoever to prevent a Manage My Home user from retrieving another person's purchase history by entering that person's name, phone number, and address," wrote Ben Edelman, an assistant professor with Harvard Business School, in a blog posting.
This is a violation of Sears' own online privacy policy, which does not allow the company to share users' purchase history with the general public, Edelman said.
The information could be misused by scammers, said Benjamin Googins, a CA senior engineer who has also written about the issue. "A potential burglar or scam artist could quite easily sit at home with a phone book, checking to see what people in a given neighborhood had purchased," he wrote.
Googins said that he was able to track purchases as far back as 1978 on the site.
One Sears customer said he was upset by the disclosure.
"It's pretty amazing that in 2008 a major corporation such as Sears Roebuck can show such blatant disregard for the privacy of its customers. It definitely will make me think twice before ordering from them again," said Doug Fuller, an Oakland, Calif., realtor. "It's not like it is some rinky-dink company. This is a major corporation. And with all the identity theft going on, this is the best they can do?" he said via instant message.
A Sears spokeswoman did not respond to a request for comment. Sears Holdings, the owner of the Sears Roebuck and Kmart department stores, is the third-largest retailer in the United States.
This is the second time Sears has come under fire for privacy concerns in recent weeks. In December and early January, Googins and Edelman blasted Sears for downloading invasive comScore Web tracking software to some users of its MySHCcommunity.com Web site without adequate disclosure.
Sears has defended its use of the tracking software, pointing out that users are notified of the software's features before they download it.