Sears puts customers' buying histories on the Web
It's a violation of the company's own policy and could be misused by scammers, critics say
January 4, 2008 12:00 PM ETIDG News Service - Sears Holdings Corp. has come under fire from privacy advocates for making the purchase history of its customers publicly available on its Managemyhome.com Web site.
Manage My Home is a community portal where Sears shoppers can download product manuals, find product tips and get home renovation ideas.
The Web site has a feature called "Find your products" that lets users look up past purchases. Ostensibly, this is designed to help customers keep track of items they've bought from the retailer, but the site also lets them look up the purchase histories of other people.
"Sears offers no security whatsoever to prevent a Manage My Home user from retrieving another person's purchase history by entering that person's name, phone number and address," wrote Ben Edelman, an assistant professor at Harvard Business School, in a blog posting.
This is a violation of Sears' own online privacy policy, which does not allow the company to share users' purchase history with the general public, Edelman said.
The information could be misused by scammers, said Benjamin Googins, a senior engineer at CA Inc. who has also written about the issue. "A potential burglar or scam artist could quite easily sit at home with a phone book, checking to see what people in a given neighborhood had purchased," he wrote.
Googins said that he was able to track purchases as far back as 1978 on the site.
One Sears customer said he was upset by the disclosure.
"It's pretty amazing that in 2008 a major corporation such as Sears Roebuck can show such blatant disregard for the privacy of its customers. It definitely will make me think twice before ordering from them again," said Doug Fuller, an Oakland, Calif., Realtor. "It's not like it is some rinky-dink company. This is a major corporation. And with all the identity theft going on, this is the best they can do?" he said via instant message.
A Sears spokeswoman did not respond to a request for comment. Sears Holdings, the owner of the Sears Roebuck and Kmart department stores, is the third-largest retailer in the U.S.
This is the second time Sears has come under fire for privacy concerns in recent weeks. In December and early January, Googins and Edelman blasted Sears for downloading invasive ComScore Web tracking software to some users of its MySHCcommunity.com Web site without adequate disclosure.
Sears has defended its use of the tracking software, pointing out that users are notified of the software's features before they download it.
Reprinted with permission from
Story copyright 2009 International Data Group. All rights reserved.
sears
Additional Resources



Learn the important issues you must consider before starting your next mobility initiative. Get your mobility white paper from IDC now, compliments of Sybase.
White Papers & Webcasts
Share our Strength
Download Now
Lower the Cost and Complexity of a Mobile Workforce through Automation
Download This Resource Now!
Top 10 Things to Know about Data Protection
Download Now
Managing Mobility: Improve Data Security, Compliance and Manageability
Download This Resource Now!
Managing Secure File Transfer to Save Time, Money and IT Resources
Learn how companies are using innovative technology to overcome these challenges and improve user productivity by offloading e-mail attachments and replacing FTP with...
Ponemon Study: The Business Risk of a Lost Laptop
Download Now
Security Convergence Equals Network Security Cost Savings
Listen to IBM Internet Security Systems' take on network security convergence.
Airport Insecurity: The Case of Lost Laptops
Download Now
Disaster Recovery 2008: Reduced Costs and Improved Performance
How long can your Enterprise afford to be without your data? With an accelerated disaster recovery program, you never have to answer this...
