Sears puts customers' buying histories on the Web

IDG News Service - Sears Holdings Corp. has come under fire from privacy advocates for making the purchase history of its customers publicly available on its Managemyhome.com Web site.

Manage My Home is a community portal where Sears shoppers can download product manuals, find product tips and get home renovation ideas.

The Web site has a feature called "Find your products" that lets users look up past purchases. Ostensibly, this is designed to help customers keep track of items they've bought from the retailer, but the site also lets them look up the purchase histories of other people.

"Sears offers no security whatsoever to prevent a Manage My Home user from retrieving another person's purchase history by entering that person's name, phone number and address," wrote Ben Edelman, an assistant professor at Harvard Business School, in a blog posting.

This is a violation of Sears' own online privacy policy, which does not allow the company to share users' purchase history with the general public, Edelman said.

The information could be misused by scammers, said Benjamin Googins, a senior engineer at CA Inc. who has also written about the issue. "A potential burglar or scam artist could quite easily sit at home with a phone book, checking to see what people in a given neighborhood had purchased," he wrote.

Googins said that he was able to track purchases as far back as 1978 on the site.

One Sears customer said he was upset by the disclosure.

"It's pretty amazing that in 2008 a major corporation such as Sears Roebuck can show such blatant disregard for the privacy of its customers. It definitely will make me think twice before ordering from them again," said Doug Fuller, an Oakland, Calif., Realtor. "It's not like it is some rinky-dink company. This is a major corporation. And with all the identity theft going on, this is the best they can do?" he said via instant message.

A Sears spokeswoman did not respond to a request for comment. Sears Holdings, the owner of the Sears Roebuck and Kmart department stores, is the third-largest retailer in the U.S.

This is the second time Sears has come under fire for privacy concerns in recent weeks. In December and early January, Googins and Edelman blasted Sears for downloading invasive ComScore Web tracking software to some users of its MySHCcommunity.com Web site without adequate disclosure.

Sears has defended its use of the tracking software, pointing out that users are notified of the software's features before they download it.