Advertisement
Advertisement

Drugstore Schlecker customer information exposed on web

Share this article

Drugstore Schlecker customer information exposed on web
Photo: DPA
10:31 CEST+02:00
German drugstore chain Schlecker has suffered a major online data breach, with the names, addresses and profiles of about 150,000 customers being exposed on the internet, the company announced Friday.

A spokesman for the firm confirmed media reports that the personal data of online customers had for an unspecified time found their way onto the internet and were available to any web user.

However, account numbers and passwords were never vulnerable, the spokesman said.

The mistake had not been Schlecker’s but rather had been made by an external service provider, he said. The error had since been fixed and the data no longer available online.

Daily Bild reported that the first and second names, the addresses, genders, email addresses and customer profiles were all accessible. A further 7.1 million email addresses of customers receiving the firm’s newsletter were also available, the paper reported.

Schlecker was now investigating how the breach had occurred.

“We are in close contact with our service provider,” the Schlecker spokesman said.

Data protection specialist Tobias Huch, who discovered the data online, said: “We stumbled on this data breach by accident. Then we realized: this is no data leak, this is a wide-open door.”

The information was available from any regular computer, the paper reported. It could have been used by criminals masquerading as Schlecker to defraud customers, Huch said.

“They would write to the customers in the name of Schlecker – directly over the publicly available mail server. The customer would trust the correspondent, thinking, “Yes, it’s Schlecker.” They would make purchases and hand over their bank details.”

Burkhardt Müller-Sönksen, media expert in the parliamentary group of the pro-business Free Democrats, said: “It’s a scandal that this sensitive data can be made available. That is grossly negligent, a violation of the data protection regulations.”

Share this article

Advertisement
Advertisement

From our sponsors

How US expats can avoid tax trouble in 2017

Don’t let inaction or ignorance about your US tax obligations ruin the New Year.


Database error:

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ')
			ORDER BY
				entries.ENTRY_MODIFIED DESC
			LIMIT
				10' at line 20