Saks Fifth Avenue Exposes Personal Info of Customers
The personal information of tens of thousands of Saks Fifth Avenue customers has been publicly available in plain text online, BuzzFeed News has learned. Saks’ e-commerce site is maintained by the digital division of its owner, Canada-based Hudson’s Bay Company. Until recently, unencrypted, publicly accessible web pages on the site contained tens of thousands of records for customers who signed up for wait lists to buy products. The records included email addresses and product codes for the items customers expressed interest in buying; some also contained phone numbers. Each record also included a date and time, and one of a handful of recurring IP addresses.
Total Retail's Take: Data security is an issue that keeps retail IT professionals up at night. Hackers and fraudsters are becoming increasingly sophisticated, leaving customers valuable data — and retailers’ reputations — at risk. However, in this case, it appears neglect by Saks Fifth Avenue may be to blame for the publicly available information. Saks’ website serves logged-in customers some pages over unencrypted connections, leaving shoppers’ data vulnerable to hackers while they browse the site on an open Wi-Fi network. “This is as bad as security gets,” Robert Graham, a cybersecurity expert and owner of Errata Security, told BuzzFeed News. “Everyone is vulnerable.”