DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

BBC America Shop customer orders leaked

Posted on November 21, 2011 by Dissent

Over the weekend, I received an e-mail from a BBC America Shop customer revealing that the bbcamericashop.com site was leaking customers’ order information – names, billing and shipping addresses, phone numbers, item number ordered, and e-mail addresses.  The exposed orders had been placed between June 10 of this year and that day. No credit card information was exposed and the records did not appear to have been cached in Google.

The customer tells DataBreaches.net that he became aware of a breach after he started receiving unwanted e-mail and searched Google for his name, which took him to a link to his order.  By simple url manipulation, he could see other customers’ data, too.  He started e-mailing other customers to alert them that their information was exposed and also contacted this site.

DataBreaches.net contacted BBC America Shop’s call center by phone to alert them to the exposure. Two hours later, the subdomain where the database had been available was no longer accessible.

Shortly thereafter, I received an e-mail from Interactive Partners, the firm that develops and maintains BBC America Shop’s web site, thanking me for the heads up.   I’m hoping that they will provide some additional details as to how the breach occurred and when it occurred, but they were still investigating the incident when I last heard from them Saturday night. It is not known to me at this time whether they or BBC America Shop intends to e-mail all affected customers.

I’ve occasionally blogged about how frustrating it can be to try to alert an entity to a breach.  This wasn’t one of those cases. In this case, when I went through the 800 customer service number and explained the situation, the call center representative transferred my call to someone who appreciated the need to relay the information promptly after I walked her through how to see all the customer data in her browser.

Never one to miss an opportunity, however, I will use this entry as a chance to remind you:  if your business (or your client) uses a call center for customer service – or even if you handle calls internally – make sure that everyone understands what to do if someone calls in to report a data or security leak.  It can save you (and the caller!) a lot of time and potential grief.

And if you have a breach to report, you can e-mail this site at breaches[at]databreaches.net.  I can’t promise I’ll be able to help, but I usually try.

 

Category: Breach IncidentsBreach TypesExposureSubcontractor

Post navigation

← AU: ADP exposes client emails
Dump of accounts from sfbaysss.net →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Masimo Manufacturing Facilities Hit by Cyberattack
  • Education giant Pearson hit by cyberattack exposing customer data
  • Star Health hacker claims sending bullets, threats to top executives: Reports
  • Nova Scotia Power hit by cyberattack, critical infrastructure targeted, no outages reported
  • Georgia hospital defeats data-tracking lawsuit
  • 60K BTC Wallets Tied to LockBit Ransomware Gang Leaked
  • UK: Legal Aid Agency hit by cyber security incident
  • Public notice for individuals affected by an information security breach in the Social Services, Health Care and Rescue Services Division of Helsinki
  • PowerSchool paid a hacker’s extortion demand, but now school district clients are being extorted anyway (3)
  • Defending Against UNC3944: Cybercrime Hardening Guidance from the Frontlines

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • US Customs and Border Protection Plans to Photograph Everyone Exiting the US by Car
  • Google agrees to pay Texas $1.4 billion data privacy settlement
  • The App Store Freedom Act Compromises User Privacy To Punish Big Tech
  • Florida bill requiring encryption backdoors for social media accounts has failed
  • Apple Siri Eavesdropping Payout Deadline Confirmed—How To Make A Claim
  • Privacy matters to Canadians – Privacy Commissioner of Canada marks Privacy Awareness Week with release of latest survey results
  • Missouri Clinic Must Give State AG Minor Trans Care Information

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.