Newsagent WHSmith has compromised users’ private data sending it in hundreds of emails to customers due to a misconfigured “contact us” form on the retailer’s magazine website.
Information typed into the form, which is supposed to then be passed on to the company itself, was instead apparently sent to its entire mailing list.
In a vicious cycle, some subscribers used the affected form in an attempt to contact WHSmith to end the email bombardment – instead generating still-more messages to fill users’ inboxes.
WHSmith Magazines confirmed that the breach is a technical issue and hid the contact-us form from its website.
In a statement, the company told the Guardian: “We have been alerted to a systems processing bug by I-subscribe, who manage our magazine subscriptions. It is a bug not a data breach. We believe that this has impacted fewer than 40 customers who left a message on the ‘Contact Us’ page where this bug was identified, that has resulted in some customers receiving e mails this morning that have been misdirected in error.
“I-subscribe have immediately taken down their ‘Contact Us’ online form which contains the identified bug, while this is resolved. I-subscribe are contacting the customers concerned to apologise for this administrative processing error. We can confirm that this issue has not impacted or compromised any customer passwords or payment details and we apologise to the customers concerned.”
Some of the messages sent in the early period of the flaw contain sensitive personal information including real names, phone numbers, and email and postal addresses.
WHSmith has not responded to requests for comment from the Guardian. Its customer service team was active on social media on Wednesday morning, but not responding to questions about the data breach from users.
It isn’t the first time the retailer has resorted to drastic measures to correct an IT problem. In 2013, it closed down its entire website for more than a week after it was discovered selling hardcore pornographic ebooks, some featuring rapes and bestiality.