In many cases, when consumer information is compromised, it’s the result of every retailer’s worst nightmare: an outside hacking attempt. But at other times, it can be a simple case of self sabotage.
The BBC reported that the website of London-based retailer Marks and Spencer experienced technical difficulties Tuesday (Oct. 27) night, when hundreds of customers were mistakenly given access to the private account details of other shoppers, including names, dates of birth, contacts and previous orders.
The Guardian reported that 800 customers were estimated to be affected by the data snafu. Some users who were on the site during the incident reported that they were able to read the last four digits of other shoppers’ payment methods if they had any recent orders or cards saved on their profiles. While the retailer contends that full credit card details were not shared or otherwise compromised, the site was taken down for roughly two hours as technicians scrambled to fix the problem.
“Due to a technical issue, we temporarily suspended our website yesterday evening,” a Marks and Spencer spokeswoman told the BBC. “This allowed us to thoroughly investigate and resolve the issue and quickly restore service for our customers.”
Absent an official statement from Marks and Spencer, shoppers turned to the retailers’ Facebook page to post their complaints and concerns about data security.
The lack of an adequate response to the data leak has given customers no place other than public venues to vent their frustrations, which may serve as an instructive example of how to handle the cleanup after data breaches for the best possible consumer experience in the worst possible scenarios.