BreachExchange mailing list archives
UK: Argos exposes customers' credit-card numbers in emails
From: kirniki <kirniki () gmail com>
Date: Wed, 3 Mar 2010 21:39:18 -0500
http://www.pcpro.co.uk/news/security/356020/argos-exposes-customers-credit-card-numbers-in-emails High street retailer Argos has compromised its customers' security by sending their credit-card details - including the vital security code - in unencrypted emails. The company has been including the customer's full name, address, credit-card number and three-digit CCV security code in order confirmation emails, which are sent once a customer has placed an order on the Argos website. Although the credit-card details don't appear in the text of the email itself, they are contained - in plain text - in the HTML code of the order confirmation. It means that anyone intercepting or gaining access to the order confirmations would have all the details necessary to steal someone's credit card. Argos has refused to confirm how many customers have been affected. [..] _______________________________________________ Dataloss Mailing List (dataloss () datalossdb org) Archived at http://seclists.org/dataloss/ Get business, compliance, IT and security staff on the same page with CREDANT Technologies: The Shortcut Guide to Understanding Data Protection from Four Critical Perspectives. The eBook begins with considerations important to executives and business leaders. http://www.credant.com/campaigns/ebook-chpt-one-web.php
Current thread:
- UK: Argos exposes customers' credit-card numbers in emails kirniki (Mar 03)