Network News

X My Profile
View More Activity

Class Action Suit Alleges Sears Privacy Failures

Class-action lawyers are circling around retailer Sears, Roebuck & Co., just days after privacy activists revealed that the company's Web site exposed the details of customer purchases going back more than a decade.

In a complaint filed Friday in Cook County, Illinois -- where Sears is headquartered -- the plaintiffs allege that the lack of privacy protections at Sears's managemyhome.com site violated its own privacy promises to consumers, and in so doing ran afoul of the Illinois Consumer Fraud Act, which prohibits "unfair and deceptive practices."

The complaint seeks class-action status, and more than $5 million in damages, including attorneys' fees. A copy of the complaint is linked here (PDF).

The suit was filed by KamberEdelson, the same New York City based law firm that successfully pursued Sony BMG Music Entertainment after the media giant shipped millions of music CDs that included spyware.

Partner Scott Kamber said the firm also is seeking plaintiffs for a similar second class-action suit against Sears, whose marketing partners were recently found to have secretly installed ComScore's Web-tracking software on PCs of some customers who purchased products from the Sears Web site.

Sometime on Friday afternoon, Sears apparently disabled the feature that allowed anyone to create a free account and look up the purchase history of any customer. When visitors try to conduct such a search now, they are presented with an error message that reads: "We're sorry, this feature is currently disabled. Please visit again soon."

But KamberEdelson partner Jay Edelson said it's not clear whether Sears's removal of the page is a temporary or permanent fix. In either event, he said, Sears has a duty to notify customers of the privacy breach. "They ought to be giving notice to people that their system has not been secure," Edelson said.

Sears has not responded to repeated requests for comment.

By Brian Krebs  |  January 5, 2008; 2:10 PM ET
 
Save & Share:  Send E-mail   Facebook   Twitter   Digg   Yahoo Buzz   Del.icio.us   StumbleUpon   Technorati   Google Buzz   Previous: Holiday Spam Quadruples Storm Worm Infections
Next: Important Update For Ad-Aware SE Users

Comments

I hope that KamberEdelson benefits from the knowlege that such security breaches are not highly technical in origin. If you can use a word processor, you can keep confidential information from propagating. http://www.RUSTPrivacy.org/

Posted by: gannon_dick | January 5, 2008 2:48 PM | Report abuse


Only $5,000,000? It ought to be $500,000,000.

Sears exemplifies everything that is wrong with capitalism. Sears is predatory towards their suppliers. Sears has no customer service. Sears doesn't stand behind their products. Sears' credit cards are high interest, and their reporting is terrible, which damages people's credit ratings.

Sears is a dinosaur which is too stupid to know that it is extinct, and damages everyone and everything around it in its death throes.

Posted by: Miami Mike | January 5, 2008 5:47 PM | Report abuse

I sent this to sours in Dec.

On Monday November 24th 2007 I attempted to buy a sears craftsman wet/dry vac for $49.99. There was a one day $5.00 discount on this item and free shipping for items over $49.00. By applying the $5.00 one day discount the price of the item dropped to $44.99 this discount resulted in the item not being eligible for free shipping. Thus the total cost of the item with shipping was 54.90 cents. The result of the one day discount was a $5.00 increase in price. On Tuesday I ordered the item at the $49.99 price with the free shipping. I used a gift card for the first $50.00 and my credit card for the remaining 2.49 in tax. On Friday I checked on the item and the status was still processing. I called customer service and canceled the order as it seemed to be taking an inordinate amount of time to process and ship the order. On Saturday I checked the status of the order and saw that it had been shipped. Sunday morning I checked my account and found that the entire sum had been charged to my credit card. I made another call to customer service where I was informed that all procedures concerning the processing and shipping had been followed and that any misconceptions about this order were mine. I asked about the gift card and was informed that no explanation was available but there are processes in place to handle orders. I was also informed that after delivery of the cancelled item I could return it to the store for a full refund. I immediately apologized for causing these problems and promised not to order any more items from Sears. I was then transferred to a supervisor who reinforced the information that I received from the associate and informed me that if I want to use the gift card on line I should enter the number from the gift card. This was a true revelation for me previously I had thought that waving the card in front of my computer would do the trick. I am still puzzled about how my credit card information got into the computer as I used the same method for both the gift and credit cards, oh well the internets work in mysterious ways. Again my apologizes and I regret causing Sears any problems by questioning their policies or implying that customers should expect competent service provided in a timely manner.
I know that I am supposed to suggest some resolution for the problems I caused but I have learned that there are procedures at Sears to cover ever contingency so please apply the appropriate solution.


Posted by: Anonymous | January 5, 2008 7:59 PM | Report abuse

managemyhome dot com is built by the india team much like sears dot com and and i am not at all surprised that they screwed it up big time. project owners should be fired for incompetency. they probably bypassed internal legal review. sears has top notch legal team but most project managers don't think they need them. too bad it has to come to this.

Posted by: shld_gonner | January 5, 2008 8:01 PM | Report abuse

shld_gonner the bulk of the site was built stateside -- expecially the purchase information functionality. From what I was told legal did review this and gave it the ok since they were not revealing any cc information. Seems like the director in charge of this site as well as the legal should get the brunt of the stick on this one. The developers just follow direction. What I would like to know is how the person in charge of the site could be so careless.

Posted by: shldknowhow | January 5, 2008 8:18 PM | Report abuse

BK - Thanks for covering this - you have recommended OpenDNS in the past - first would this be of any use here? second, I have not adopted OpenDNS because I have not been able to fully explore not just their stated Privacy Policy but what others have monitored them for - kindof important if I am going to send all my DNS requests through them and they could easily be the little brother vacuum cleaner that ComScore is

Posted by: OhioMC | January 6, 2008 9:04 AM | Report abuse

These class action suits crack me up. The lawyers will get millions while the class action victims who they purportedly represent will get a $1 Sears coupon.

Posted by: Bern | January 6, 2008 10:13 AM | Report abuse

I think class action suits are a dandy way to handle rank stupidity where it can be circumscribed.

The problem with privacy laws is that they are like those single shot-rifles they used to issue Troopers in "B" Westerns ... you aim at Sears, FaceBook gets shot and Google falls off the horse.

Posted by: GTexas | January 6, 2008 5:39 PM | Report abuse

OhioMC, OpenDNS would only help in this case if it had identified the hostname used in the proxy configuration (oss-content.securestudies.com) as malicious, in which case, all of your browsing would stop working. As of now, the OpenDNS nameservers resolve this name, so no, it doesn't help.

As for OpenDNS's access to your browsing activity, as long as you rely on someone else's DNS server, there is a risk, although markedly lower than the risk with comScore. DNS lookups alone reveal very little information about your activity in comparison with full proxying. Running your own DNS server improves your anonymity since your ISP cannot as readily monitor your DNS lookups.

If you want greater anonymity, look at Tor.

Posted by: antibozo | January 6, 2008 7:21 PM | Report abuse

I tested this last week, and all my purchases came up. I sent a email to the privacy email address and they said they were going to fix the site with an additional check, and it would be back up in about 10 days. I pointed out they were going to get there &#** sued off. I will never buy anything from them with anything but cash from now on.

Posted by: Rich | January 6, 2008 8:03 PM | Report abuse

Yep, Sears made a mistake. Let's try to ruin them. Forget the fact that they have partnered with ABC to give a new home every week to families in need. Forget that they partnered with Heroes at Home, to rebuild homes for returning service members with special needs. Just forget the fact that we all make mistakes every day, and forget who they impact. Lets just go ahead and support the lawyers who spearhead the frivolous law suits. Let's chase some ambulance. Was anyone truly hurt by this oversight? If so, sue on your own. Otherwise you're supporting the lawyers that will come after your next mistake.

Posted by: dgllai | January 7, 2008 7:57 AM | Report abuse

Its not just that Sears made a mistake. If you read the series of blog posts leading up to this, one of their VPs was defending the practice right up until the lawsuits were filed (in the cast of the comscore tracking).

I hate lawyers as much as the next guy, but if there is not a sufficiently harsh penalty that the shareholders will feel at least for a quarter, there is nothing to keep these guys in check.

Posted by: Aaron Erickson | January 7, 2008 8:14 AM | Report abuse

Yes, the real buffoon here is Jim Hilt the director of Manage My Home. See this article that Ben highlighted in his article about what Manage My Home was doing. Jim is freely talking about the benefit.

http://findarticles.com/p/articles/mi_qn4155/is_20071109/ai_n21104858

This guy definitely gets the award for the stupidest web marketer of the year! Think I'll shoot him and Alwyn an e-mail and let them know what I think about them giving out my personal information to the general public. Since they were so free with my info, I don't have a problem sharing their info -- I got Alwyn's e-mail address from a posting on the ca website Alewis1@searshc.com -- I would guess that Jim's e-mail address is Jhilt00@searshc.com or jhilt01@searshc.com.

Posted by: mikem | January 7, 2008 10:23 AM | Report abuse

@antibozo - thanks for the info!
@dgllai - perhaps you work for Eddie Lampert's crew there at Sears. We can fight to use the Constitution to protect ourselves from NSA vacuum cleaners installed courtesy of George & Dick, but we have no alternative but trial lawyers to protect us from Sears - which has sold members of its "community" down the river with a far more insidious and holistic example of spying. What do both cases have in common? Untrustworthy people saying "Trust Us, we wouldn't use this information inappropriately."

As for you Mr. Lampert - it's a stretch to compare this to being kidnapped personally as you have been, but your company has kidnapped the details of customers' personal lives and auctioned it to ComScore - without even offering the option of ransom.

Posted by: OhioMC | January 7, 2008 11:36 AM | Report abuse

jim

I know about this great e-commerce 101 class. Maybe you should take it and learn something about building an e-commerce site! just go to www.idiot.com to register.

As for you Eddie -- what were you thinking hiring such an amateur to run a business for such a powerhouse company. We are definitely dealing with a Romper Room player here.

Posted by: fujh | January 7, 2008 11:54 AM | Report abuse

dgllai> Was anyone truly hurt by this oversight?

We don't know. You appear to assume no one was. Do you have some evidence for that? Or could it be that a lot of people lost large sums of money to targeted phishing that was enabled by this specific weakness?

Estimates for 2007 say about $50 billion were lost to "identity theft" (whatever that moronic term is supposed to mean). Companies who play fast and loose with people's privacy need to be sanctioned or this problem will keep getting worse.

And, by the way, people who file a class-action suit aren't trying to "ruin" Sears--on the contrary, if Sears goes out of business it won't be able to pay out awards.

Posted by: antibozo | January 7, 2008 12:00 PM | Report abuse

How can I get on this class action suit? I have a account with sears

Posted by: Frank | January 7, 2008 10:03 PM | Report abuse

@frank

info@kamberedelson.com

Posted by: Anne | January 8, 2008 2:53 AM | Report abuse

on this subject ,. alloy employees credit union
australian carbon credit purchasing
, this the most good site

Posted by: Obserlarserib | January 13, 2008 5:18 AM | Report abuse

Google

Posted by: bmskn | January 13, 2008 7:56 AM | Report abuse

Hi everyone,

Just passing through and wanted to say hi.
Pam

Posted by: pamelakworkoutgirl | January 18, 2008 10:38 PM | Report abuse

@dgllai : I doubt that any mistake I have ever made somehow gave home phone numbers to companies for the purpose of calling them at home to harrass them, or let your neighbors know about your new big screen television should they feel like helping themselves to your things while you are on vacation. I have gotten telephone calls from several companies that have deals with sears and I'm pretty damn sure I didn't give them my unpublished phone number.

Posted by: Mike | January 25, 2008 9:57 AM | Report abuse

Sear is going the way of the dinosaur. Customer service is poor and getting worse. The competition is growing and gaining market share. Those loyal catalog customers are long gone or have already been burned by poorly trained, unmotivated employees. Companies like Best Buy, Home Depot or Lowes are filling the niche that was once dominated by Sears, and gaining market share at Sears' loss. The numbers of angry Sears customers are growing to the point that only the very uninformed are becoming new customers. Read the huge amount of websites that exist to flame or otherwise vent frustrated and angry customer sentiments over Sears deals gone bad. Sears is destined to become a memory and a lesson in the rise and fall of a once great corporation.

Posted by: anywhere but Sears | February 1, 2008 5:10 PM | Report abuse

Google

Posted by: osfbp | February 22, 2008 8:04 PM | Report abuse

Hello! Good Site! Thanks you! http://njdgenkonimbh.com

Posted by: uahkfrihru | March 23, 2008 2:35 PM | Report abuse

Useful site. Thanks.
http://ab-sauna.theperfectposition.info/map.html ab sauna

Posted by: ab sauna | April 25, 2008 2:23 AM | Report abuse

Useful site. Thanks:-)
http://peachez.theperfectposition.info/map.html peachez

Posted by: peachez | April 25, 2008 6:29 AM | Report abuse

Useful site. Thanks:-)
http://naked-old-stripping-woman.saruella.uni.cc naked old stripping woman

Posted by: naked old stripping woman | May 2, 2008 6:49 PM | Report abuse

Useful site. Thanks:-)
http://naked-old-stripping-woman.saruella.uni.cc naked old stripping woman

Posted by: naked old stripping woman | May 2, 2008 6:50 PM | Report abuse

Useful site. Thanks!
http://whitney.phpnet.us/basketba1f/index.html basketball nba uniform

Posted by: basketball nba uniform | May 2, 2008 11:36 PM | Report abuse

Useful site. Thanks:-)
http://jacquelyn.winterhost.org/bag-bowl2b/index.html rule of tennis sports

Posted by: rule of tennis sports | May 3, 2008 12:43 AM | Report abuse

Useful site. Thank you.
http://myra.20xhost.com/boxing-c34/index.html ping pong table table tennis

Posted by: ping pong table table tennis | May 3, 2008 4:31 AM | Report abuse

Useful site. Thanks:-)
http://alison.ifastnet.com/school-td2/index.html used sail for sale

Posted by: used sail for sale | May 3, 2008 9:35 AM | Report abuse

Useful site. Thanks!
http://flora.winterhost.org/huntingt84/index.html basketball mansfield youth

Posted by: basketball mansfield youth | May 3, 2008 10:46 AM | Report abuse

Useful site. Thanks:-)
http://fransua.ifastnet.com/volvo-bo3c/index.html golf tip technique

Posted by: golf tip technique | May 3, 2008 12:28 PM | Report abuse

Useful site. Thanks!
http://vicky.ifastnet.com/tennis-t59/index.html leprechauns dont play basketball

Posted by: leprechauns dont play basketball | May 3, 2008 7:30 PM | Report abuse

Useful site. Thanks!
http://vicky.ifastnet.com/tennis-t59/index.html leprechauns dont play basketball

Posted by: leprechauns dont play basketball | May 3, 2008 7:31 PM | Report abuse

Useful site. Thank you.
http://group-gay-galleries.balentina.co.cc/map.html group gay galleries

Posted by: group gay galleries | May 4, 2008 3:52 AM | Report abuse

Useful site. Thank you.
http://group-gay-galleries.balentina.co.cc/map.html group gay galleries

Posted by: group gay galleries | May 4, 2008 3:53 AM | Report abuse

Useful site. Thank you:-)
http://quad-squad-summer-camp-for-adults.balentina.co.cc/map.html quad squad summer camp for adults

Posted by: quad squad summer camp for adults | May 4, 2008 5:39 AM | Report abuse

Useful site. Thanks!!
http://lesbian-websites.balentina.co.cc/map.html lesbian websites

Posted by: lesbian websites | May 4, 2008 10:17 AM | Report abuse

Useful site. Thanks:-)
http://gay-prison-movie-downloads.balentina.co.cc/map.html gay prison movie downloads

Posted by: gay prison movie downloads | May 4, 2008 10:19 AM | Report abuse

Useful site. Thanks!
http://cfmnd-info-free-latin-porn-site.balentina.co.cc/map.html cfmnd info free latin porn site

Posted by: cfmnd info free latin porn site | May 4, 2008 11:38 AM | Report abuse

The comments to this entry are closed.

 
 
RSS Feed
Subscribe to The Post

© 2010 The Washington Post Company