Sears sued over privacy breach
Sears Holdings
is facing a class-action lawsuit after making the purchase history of its customers
public on its Managemyhome.com
Web site.
The lawsuit seeks damages as well as an accounting by Sears to determine whether
the Web site was misused by criminals. It was filed on Friday by New Jersey
resident Christine Desantis, who is represented by KamberEdelson,
a technology law firm. KamberEdelson is best known for its recent settlement
with social networking site Facebook
over its sending of unwanted text messages to recycled cell-phone numbers.
"It's a pretty simple case," said Jay Edelson, a partner with the
Chicago-based law firm. "Sears decided to put private information of its
customers up on the Web site and make it publicly available. They did it without
telling their customers that it was going to happen ... and they really did
it for their own financial reasons."
Manage My Home is a community portal where Sears shoppers can download product
manuals, find product tips and get home renovation ideas. The Web site had a
feature called "Find your products" that ostensibly was designed to
help users look up past purchases.
Last Thursday, researchers at security vendor CA
pointed out that the feature could be used to look up the purchase history of
any Sears customer, an apparent violation of the company's privacy policy.
Manage My Home could easily have been misused by criminals, Edelson said. For
example, a robber could gain access to a victim's home by posing as a Sears
repair person, using the information available on the site. That could be incredibly
scary, he said. "They have a duty to keep that information away from the
public."
Sears disabled the "Find your products" feature on Friday, saying
it would re-introduce the feature once the company figures out a way of ensuring
that the information cannot be viewed by unauthorized third parties.
However, the retailer was informed of the problem weeks before it took the
feature off-line, Edelson said.
In late December, CA researchers also criticized Sears for downloading invasive
comScore Web tracking
software onto the desktops of some members of its MySHCcommunity.com Web site
without adequate disclosure.
KamberEdelson is also investigating that matter, Edelson said.
IDG News Service
Symantec Backup Exec 12 and Backup Exec System Recovery 8 deliver industry leading Windows data protection and system recovery. Download this whitepaper to find out the top reasons to upgrade and how to get continuous data protection and complete system recovery.
Data and system loss — from a hard drive failure, malicious attack, natural disaster, or simple human error — can happen anytime. Don’t leave your business vulnerable. Make sure you have a secure recovery strategy in place. Symantec's latest backup and system recovery technology can efficiently restore critical applications, individual emails and documents and even restore your entire system in minutes in the event of a loss.
Businesses face a growing challenge to ensure that the IT environment is properly protected. Backup Exec 12 integrates with other applications in the Symantec family of products, to complement your current data protection strategy, keep your data securely backed up and make it recoverable when you need it most.
VMware ESX Server in the Enterprise
By Edward L. Haletky
Published Dec 29, 2007 by Prentice Hall.
Enter now! | Official rules | Sample chapter
Green IT
By Toby Velte, Anthony Velte, Robert C. Elsenpeter
To be published Oct. 10, 2008 by McGraw Hill Professional
Enter now! | Official rules | About the book
