A data breach at WHSmith has resulted in thousands of people receiving names, addresses and phone numbers of other customers.
WHSmith said the issues arose from a processing “bug” at the company which handles its magazine subscriptions.
It affected people who had left a message for WHSmith via the ‘contact us’ page with their details then sent out to its magazine subscriber base.
WHSmith played down the breach, saying it had only impacted 40 people and reassured that payment details hadn’t been compromised. However, it hasn’t confirmed how many people received the emails, but reports suggest it could be in the thousands.
"We have been alerted to a systems processing bug by I-subscribe, who manage our magazine subscriptions. It is a bug not a data breach," the retailer said.
"We believe that this has impacted fewer than 40 customers who left a message on the 'contact us' page where this bug was identified that has resulted in some customers receiving emails that have been misdirected in error."
I-subscribe have since taken down the ‘Contact Us’ online form.
It will come as a further blow to the retailer after it was hit by the Airport VAT scandal. In wake of the exposé, YouGov’s brand index data, which tracks consumer perception of brands, found WHSmith’s perception is at its lowest in two years.
Update: Representatvie for WHSmith contacted The Drum to confirm that 22 customers had been affected.
"We have been alerted to a systems processing bug by I-subscribe, who manage our magazine subscriptions. It is a bug not a data breach. We can confirm that this has impacted 22 customers who left a message on the ‘Contact Us’ page where this bug was identified, that has resulted in some customers receiving e mails this morning that have been misdirected in error. I-subscribe have immediately taken down their ‘Contact Us’ online form which contains the identified bug, while this is resolved.
"I-subscribe are contacting the customers concerned to apologise for this administrative processing error. We can confirm that this issue has not impacted or compromised any customer passwords or payment details and we apologise to the customers concerned.”