WHSmith customers have reported a major data protection breach with the retailer’s IT system, causing information to be distributed via mass email.
Customers who used the “Contact Us” form claimed to have begun receiving spam emails Tuesday morning which include the phone numbers, names and email addresses of unrelated customers.
Customers have taken to social media, with one tweeting”…every time someone emails WHSmith about magazine subscriptions it’s going to everyone on the database, details too”. On Facebook, another customer wrote “65 emails starting at 00.12 this morning”. One wrote “over 20 emails so far from your contact us forms with customers emails and phone numbers,” adding added that it was “not only a privacy issue but also highly annoying”.
The high street retailer told The Independent that there had been an issue with its magazine subscription service, which it described as “a bug, not a data breach”, which is why customers have been receiving e-mails this morning “that have been misdirected in error”.
A spokesperson told The Independent that they “believe the issue has impacted fewer than 40 customers”, despite the large numbers complaining online. WHSmith did not elaborate on what led to that conclusion.
“I-subscribe (who manage WHSmith’s magazine subscriptions) are contacting the customers concerned to apologise for this administrative processing error. We can confirm that this issue has not impacted or compromised any customer passwords or payment details.”
WHSmith has since taken down its “Contact Us” page where the bug occurred.