UK: Argos exposes customers' credit-card numbers in emails

[kirniki <kirniki () gmail com>]

http://www.pcpro.co.uk/news/security/356020/argos-exposes-customers-credit-card-numbers-in-emails

High street retailer Argos has compromised its customers' security by
sending their credit-card details - including the vital security code
- in unencrypted emails.

The company has been including the customer's full name, address,
credit-card number and three-digit CCV security code in order
confirmation emails, which are sent once a customer has placed an
order on the Argos website. Although the credit-card details don't
appear in the text of the email itself, they are contained - in plain
text - in the HTML code of the order confirmation.

It means that anyone intercepting or gaining access to the order
confirmations would have all the details necessary to steal someone's
credit card.

Argos has refused to confirm how many customers have been affected.
[..]
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/

Get business, compliance, IT and security staff on the same page with
CREDANT Technologies: The Shortcut Guide to Understanding Data Protection
from Four Critical Perspectives. The eBook begins with considerations
important to executives and business leaders.
http://www.credant.com/campaigns/ebook-chpt-one-web.php