Thursday, 23 March 2017
Latest news
Main » Hudson's Bay exposes Saks customer info online

Hudson's Bay exposes Saks customer info online

21 March 2017

Saks' online shopping site is operated by its corporate parent, Hudson's Bay Company of Canada.

Buzzfeed News says it reviewed the pages in recent days and that the pages were taken offline after Hudson's Bay Company was contacted on the story. "We want to reassure our customers that no credit, payment, or password information was ever exposed", a HBC spokesperson told Global News via email.

More news: Tipping Off: On to the second weekend of the NCAA Tournament

The company did not comment on why the information was information was left unencrypted and publicly available. It is the oldest continually operating retailer in North America, having been founded in 1670.

Hudson's Bay has recently been in takeover talks with Neiman Marcus and Macy's. The exposed data were vis-ible only via a specific link on the Saks site, one where customers went to join a wait-list for select products. The page includes a number of Gmail, AOL and Hotmail addresses, along with work email accounts from JPMorgan, Charter Communications and government addresses. "There is probably a way to get password information, but you would have to search further".

More news: Nearly half of Canadians want illegal immigrants deported back to US

The Saks Fifth Avenue website was leaving some customer information in its code without any type of encryption. It also sometimes included the person's phone number and IP address. "Everyone is vulnerable." He added that the site's combination of secure and non-secure pages can leave a shopper browsing the site on an open WiFi connection vulnerable to hackers.

"The solution is for every webpage to be encrypted, not just the login", said Graham.

More news: Ivanka Trump Brand Lawsuit: First Daughter's Company Sued Over 'Unfair Competition'

Hudson's Bay exposes Saks customer info online