E-CommerceALERT.com is part of the Bennett Gold LLP web site network.

Research and retrieval of news articles by:
Bennett Gold LLP, Chartered Professional Accountants


SPECIAL NOTE TO ALL VISITORS:
Effective December 31 2012, articles are no longer being updated on this web site.
The site is now maintained as an historical archive, covering notable e-commerce news articles from the period 1999 to 2012.


TOWER RECORDS SITE EXPOSES DATA

Source: Business Week

Posted on December 13, 2002

      A security hole on Tower Records' Web site exposed data on millions of U.S. and U.K. customers until it was closed late Wednesday.

      The glitch allowed anyone perusing Tower Records' Web site to view its database of customer orders dating from 1996 through this week, including home and e-mail addresses, phone numbers and what music or video products were purchased. More than 3 million such records were exposed.

      "It was a technical error, and when we discovered it we were fairly horrified and we fixed it in a matter of hours," a Tower representative said on Thursday. No credit card numbers appear to have been revealed, the company said.

      Stephanie Wilbanks of Jonesboro, Ark., had her personal information exposed after she ordered a CD as a gift from Tower Records this week.

      "I'm shocked and disappointed," Wilbanks said. "I will no longer do online business with Tower Records."

      But another affected customer, Ivor Colwill of Haywards Heath, England, said he wasn't as concerned.

      "I doubt it'll affect my shopping at Tower," Colwill said. "I honestly can't think of another site that covers so many of my musical needs in one spot or with the same quality of service. At worst, I'll telephone my orders to them."

      The security leak arose out of a programming error in a script called "orderStatus.asp." When customers requested information on their order via the Tower site, the script called up the record, displaying the order number as part of the URL of the resulting page.

      But the script allowed customers to type a different order number into the URL and call up a different record. In the change made Wednesday, Tower now requires customers to log in with their e-mail address and password before they can view information about their order.
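
The flaw and the check that closes it, as an added Python example (not Tower Records' code, which ran as "orderStatus.asp"). The order data, the function names and the session_account parameter are constructed for illustration, and the example assumes the login described above is paired with a server-side check that the requested order belongs to the logged-in account.

```python
# Constructed sample data: order numbers, owners and items are invented.
ORDERS = {
    1001: {"account": "alice@example.com", "item": "CD: Kind of Blue"},
    1002: {"account": "bob@example.com", "item": "DVD: Stop Making Sense"},
}


class Forbidden(Exception):
    """The caller is not allowed to see the requested order."""


def order_status_vulnerable(order_number):
    # Flaw described in the article: the order number from the URL is the
    # only input, so changing it returns another customer's record.
    return ORDERS.get(order_number)


def order_status_hardened(session_account, order_number):
    # session_account is the e-mail address of the logged-in customer, read
    # from the server-side session (None when not logged in), never from
    # the URL or any other client-supplied field.
    if session_account is None:
        raise Forbidden("login required")
    order = ORDERS.get(order_number)
    # Authentication alone is not enough: the record must also belong to
    # the authenticated account. A missing order and someone else's order
    # produce the same error, so responses do not reveal which order
    # numbers exist.
    if order is None or order["account"] != session_account:
        raise Forbidden("no such order for this account")
    return order
```
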

      The programming error, which existed for an unknown length of time, appears to have conflicted with Tower Records' posted privacy policy, which says: "Your TowerRecords.com Account information is password-protected. You and only you have access to this information... TowerRecords.com takes steps to ensure that your information is treated securely..."

      Founded in 1960 in Sacramento, Calif., Tower Records operates about 200 retail stores and opened its online store in November 1996.





E-Commerce Alerts are issued by Bennett Gold LLP, Chartered Professional Accountants as situations develop. Bookmark this site and check back often. Our e-mail address is: info@BennettGold.ca

In accordance with United States Code, Title 17, Section 107 and Article 10 of The Berne Convention on Literary and Artistic Works, the news clippings on this web site are made available without profit for research and educational purposes.

