WHSmith Blames ‘Administrative Error’ For Privacy Mishap

High Street newsagent WHSmith has admitted to a serious privacy mishap after a misconfigured web page triggered a mass email to its entire mailing list.

It has reportedly blamed the mistake on an “administrative error”. But the company angered many online when it insisted it was not a “data breach”.

Admin Error

The WHSmith data breach happened after a problem with the “contact us” form on its magazine website.

It seems that when information was typed into the web page, the completed form was supposed to transmitted to WHSmith itself. But instead, the form was reportedly emailed to the entire WHSmith mailing list.

This prompted an angry response on Twitter from users concerned about their data privacy.

“Unfortunate that every time someone emails @WHSmith about magazine subscriptions it’s going to *everyone* on the database. Details too,” tweeted one user.

WHSmith eventually admitted to the problem and Tweeted “We can confirm that the issue with the contact form on the WHS Magazines site is resolved.”

WHSmith did not respond directly to TechweekEurope at the time of writing. But the company issued the following statement on Facebook.

“We have been alerted to a systems bug by I-subscribe who manage our magazine subscriptions,” said WHSmith.

“This is not a data breach,” said the company. “We can confirm that this has impacted 22 customers. I-subscribe have immediately taken down this online form and are contacting the customers concerned to apologise for this administrative error. This issue has not impacted or compromised any customer passwords or payment details.”

No Data Breach?

WHSmith’s attempt to downplay the seriousness of the event and insist it was not a data breach has not gone down well with some people.

“Given that I have received emails from more than 22 different email addresses this would demonstrate that this has impacted more than you have suggested,” wrote Bea Ossei on Facebook. “Also I have never had a subscription with you guys so why have I been receiving these emails. Your comms throughout this process has been shocking.”

“Not sure how exactly this hasn’t breached data protection,” wrote Clare Hubert. “Customers names, email addresses and telephone numbers have been sent out to alot of email addresses and d be pretty peeved if it was my details being sent out! With that information someone could easily call a customer and pretend to do a magazine subscription and take card details! This is appalling service! I hope from this no unsuspecting person is scammed!”

No doubt, WHSmith will soon have to field a call from the Information Commissioner’s Office (ICO), which tweeted this afternoon that it was already looking into the breach.

Try our privacy quiz. We won’t tell anyone!

Tom Jowitt

Tom Jowitt is a leading British tech freelancer and long standing contributor to Silicon UK. He is also a bit of a Lord of the Rings nut...

Recent Posts

Craig Wright Sentenced For Contempt Of Court

Suspended prison sentence for Craig Wright for “flagrant breach” of court order, after his false…

2 days ago

El Salvador To Sell Or Discontinue Bitcoin Wallet, After IMF Deal

Cash-strapped south American country agrees to sell or discontinue its national Bitcoin wallet after signing…

2 days ago

UK’s ICO Labels Google ‘Irresponsible’ For Tracking Change

Google's change will allow advertisers to track customers' digital “fingerprints”, but UK data protection watchdog…

2 days ago

EU Publishes iOS Interoperability Plans

European Commission publishes preliminary instructions to Apple on how to open up iOS to rivals,…

3 days ago

Momeni Convicted In Bob Lee Murder

San Francisco jury finds Nima Momeni guilty of second-degree murder of Cash App founder Bob…

3 days ago