WHSmith systems processing 'bug' leads to customer data breach

WHSmith magazine subscribers have received numerous emails containing personal information of other WHSmith customers.

The email data breach has been caused by a systems processing 'bug' – not a malicious hack – which has led to details including names, addresses and phone numbers to be emailed to other WHSmith customers.

The bug has caused any information entered into the retailer's 'contact us' online form to be inadvertently emailed onto customers. Customers have turned to social media to complain as well as the 'contact us' form, which in turn has sent further angry complaint emails to customers instead of WHSmith.

WHSmith reacted quickly to take the offending contact page off its website and has now confirmed the bug has been fixed. 

The retailer said: “We have been alerted to a systems processing bug by I-subscribe, who manage our magazine subscriptions. It is a bug not a data breach. We believe that this has impacted fewer than 40 customers who left a message on the ‘Contact Us’ page where this bug was identified, that has resulted in some customers receiving e mails this morning that have been misdirected in error.

"I-subscribe have immediately taken down their ‘Contact Us’ online form which contains the identified bug, while this is resolved.  I-subscribe are contacting the customers concerned to apologise for this administrative processing error.

"We can confirm that this issue has not impacted or compromised any customer passwords or payment details and we apologise to the customers concerned.”

UPDATE: WHSmith has now confirmed 22 people in total have been affected by the bug.