Advertisement

Drugstore Schlecker customer information exposed on web

Share this article

Drugstore Schlecker customer information exposed on web
Photo: DPA
10:31 CEST+02:00
German drugstore chain Schlecker has suffered a major online data breach, with the names, addresses and profiles of about 150,000 customers being exposed on the internet, the company announced Friday.

A spokesman for the firm confirmed media reports that the personal data of online customers had for an unspecified time found their way onto the internet and were available to any web user.

However, account numbers and passwords were never vulnerable, the spokesman said.

The mistake had not been Schlecker's but rather had been made by an external service provider, he said. The error had since been fixed and the data no longer available online.

Daily Bild reported that the first and second names, the addresses, genders, email addresses and customer profiles were all accessible. A further 7.1 million email addresses of customers receiving the firm's newsletter were also available, the paper reported.

Schlecker was now investigating how the breach had occurred.

“We are in close contact with our service provider,” the Schlecker spokesman said.

Data protection specialist Tobias Huch, who discovered the data online, said: “We stumbled on this data breach by accident. Then we realized: this is no data leak, this is a wide-open door.”

The information was available from any regular computer, the paper reported. It could have been used by criminals masquerading as Schlecker to defraud customers, Huch said.

“They would write to the customers in the name of Schlecker – directly over the publicly available mail server. The customer would trust the correspondent, thinking, “Yes, it's Schlecker.” They would make purchases and hand over their bank details.”

Burkhardt Müller-Sönksen, media expert in the parliamentary group of the pro-business Free Democrats, said: “It's a scandal that this sensitive data can be made available. That is grossly negligent, a violation of the data protection regulations.”

Share this article

Advertisement

From our sponsors

Kickstart your coding career in tech-savvy Berlin

Who says you need to have a programming background to be a part of Berlin's booming tech startup scene?

Advertisement
Advertisement
9,068 Jobs
Click here to start your job search
Advertisement
Advertisement

Popular articles

Advertisement
Advertisement