DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

BBC America Shop customer orders leaked

Posted on November 21, 2011 by Dissent

Over the weekend, I received an e-mail from a BBC America Shop customer revealing that the bbcamericashop.com site was leaking customers’ order information – names, billing and shipping addresses, phone numbers, item number ordered, and e-mail addresses.  The exposed orders had been placed between June 10 of this year and that day. No credit card information was exposed and the records did not appear to have been cached in Google.

The customer tells DataBreaches.net that he became aware of a breach after he started receiving unwanted e-mail and searched Google for his name, which took him to a link to his order.  By simple url manipulation, he could see other customers’ data, too.  He started e-mailing other customers to alert them that their information was exposed and also contacted this site.

DataBreaches.net contacted BBC America Shop’s call center by phone to alert them to the exposure. Two hours later, the subdomain where the database had been available was no longer accessible.

Shortly thereafter, I received an e-mail from Interactive Partners, the firm that develops and maintains BBC America Shop’s web site, thanking me for the heads up.   I’m hoping that they will provide some additional details as to how the breach occurred and when it occurred, but they were still investigating the incident when I last heard from them Saturday night. It is not known to me at this time whether they or BBC America Shop intends to e-mail all affected customers.

I’ve occasionally blogged about how frustrating it can be to try to alert an entity to a breach.  This wasn’t one of those cases. In this case, when I went through the 800 customer service number and explained the situation, the call center representative transferred my call to someone who appreciated the need to relay the information promptly after I walked her through how to see all the customer data in her browser.

Never one to miss an opportunity, however, I will use this entry as a chance to remind you:  if your business (or your client) uses a call center for customer service – or even if you handle calls internally – make sure that everyone understands what to do if someone calls in to report a data or security leak.  It can save you (and the caller!) a lot of time and potential grief.

And if you have a breach to report, you can e-mail this site at breaches[at]databreaches.net.  I can’t promise I’ll be able to help, but I usually try.

 

Category: Breach IncidentsBreach TypesExposureSubcontractor

Post navigation

← AU: ADP exposes client emails
Dump of accounts from sfbaysss.net →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Comstar LLC agrees to corrective action plan and fine to settle HHS OCR charges
  • Australian ransomware victims now must tell the government if they pay up
  • U.S. Sanctions Cloud Provider ‘Funnull’ as Top Source of ‘Pig Butchering’ Scams
  • Victoria’s Secret takes down website after security incident
  • U.S. Government Employee Arrested for Attempting to Provide Classified Information to Foreign Government
  • St. Cloud Provides Update on Ransomware Attack in 2024
  • Bradford Health Systems detected abnormal network activity in December 2023. They first sent out breach notices this week.
  • Websites selling hacking tools to cybercriminals seized
  • ConnectWise suspects cyberattack affecting some ScreenConnect customers was state-sponsored
  • Possible ransomware attack disrupts Maine and New Hampshire Covenant Health locations

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • Why AI May Be Listening In on Your Next Doctor’s Appointment
  • Watch out for activist judges trying to deprive us of our rights to safe reproductive healthcare
  • Nebraska Bans Minor Social Media Accounts Without Parental Consent
  • Trump Taps Palantir to Compile Data on Americans
  • The US Is Storing Migrant Children’s DNA in a Criminal Database
  • Home Pregnancy Test Company Wins Dismissal of Pixel Wiretapping Suit
  • The CCPA emerges as a new legal battleground for web tracking litigation

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.