Sears Holdings has come under fire from privacy advocates for making the purchase history of its customers publicly available on its Managemyhome.com Web site.
Manage My Home is a community portal where Sears shoppers can download product manuals, find product tips, and get home renovation ideas.
The Web site has a feature called "Find your products" that lets users look up past purchases. Ostensibly, this is designed to help customers keep track of items they've bought from the retailer, but the site also lets them look up the purchase histories of other people.
"Sears offers no security whatsoever to prevent a Manage My Home user from retrieving another person's purchase history by entering that person's name, phone number, and address," wrote Ben Edelman, an assistant professor with Harvard Business School, in a blog posting.
This is a violation of Sears' own online privacy policy, which does not allow the company to share users' purchase history with the general public, Edelman said.
The information could be misused by scammers, said Benjamin Googins, a CA senior engineer who has also written about the issue. "A potential burglar or scam artist could quite easily sit at home with a phone book, checking to see what people in a given neighborhood had purchased," he wrote.
Googins said that he was able to track purchases as far back as 1978 on the site.
One Sears customer said he was upset by the disclosure.
"It's pretty amazing that in 2008 a major corporation such as Sears Roebuck can show such blatant disregard for the privacy of its customers. It definitely will make me think twice before ordering from them again," said Doug Fuller, an Oakland, Calif., realtor. "It's not like it is some rinky-dink company. This is a major corporation. And with all the identity theft going on, this is the best they can do?" he said via instant message.
A Sears spokeswoman did not respond to a request for comment. Sears Holdings, the owner of the Sears Roebuck and Kmart department stores, is the third-largest retailer in the United States.
This is the second time Sears has come under fire for privacy concerns in recent weeks. In December and early January, Googins and Edelman blasted Sears for downloading invasive comScore Web tracking software to some users of its MySHCcommunity.com Web site without adequate disclosure.
Sears has defended its use of the tracking software, pointing out that users are notified of the software's features before they download it.
This whitepaper explains the terminology and concepts behind Data Replication technologies and establishes some sizing rules through worked examples. Learn the new paradigm in disaster tolerance—protect data anywhere.
Download now »
Server virtualization is a popular option for dealing with mounting datacenter costs. Another equally promising approach is the use of an Application Delivery Controller. Citrix NetScaler provides a low-cost way for organizations to reduce their server count and accrue cost savings from a reduction in space, cooling, power and personnel.
Download now »
The emergence of WLANs has created a new breed of security threats to enterprise networks.
Included in HP ProCurve WLAN solutions is security technology that alleviates threats from WLANs through:
* Monitoring wireless activity inside and out of the enterprise
* Classifying WLAN transmissions into harmful and harmless
* Preventing transmissions that pose a security threat to the enterprise network
* Locating participating devices for physical remediation
Effectively address data protection challenges, implementing solutions that help store and protect business–critical data while cutting costs and improving efficiency and reliability.
Download now »
Sign up to receive Security Resource Alerts
This white paper provides guidance on how to develop a strategic approach to managing and monitoring logs, a key function required for compliance with many regulatory mandates and a critical defense against security threats.
Download now! »
Learn about the processes and technologies that support security information management (SIM) operations, as well as the business case for SIM. The series examines different options for implementing SIM and gives you evaluation criteria for selecting the best option for your organization.
Download now! »
Learn the strategies, actions, and capabilities that Best-in-Class organizations employ and technologies they choose to obtain superior performance against various security performance metrics. This report provides guidelines for identifying which security solutions to consume as a MSS and defines best practices for choosing and managing MSSPs.
Download now! »
1 Recommendation
