RealTime IT News

Security Glitch at OfficeMax; Retailer Says It's Resolved

The OfficeMax Web site Thursday resolved flaws in its security system that caused customer data to be forwarded to other shoppers.

The glitch in the system was caused by a programming error, said Steve Baisden, spokesperson for the Cleveland-based supplier of business products.

"By sending links to our Web pages to their friends and business associates, our customers were unknowingly forwarding their credit card data and other personal information as well," he said. "As soon as we learned of the problem, we resolved it. We take our customers' privacy very, very seriously."

Baisden noted that more than 1.4 million people visited the office supply site in January alone, yet no customers, to date, were affected by the flaw.

"To the best of my knowledge, nothing fraudulent occurred as a result of the programming error," he said. "However, if there are problems, our customers are protected by our security guarantee and their money will be refunded. We invite people to call our customer service department if this error has affected them."

Because shoppers had to send a Web address to someone before their information was exposed, the problem is regarded as less serious than other hacker attacks, noted privacy advocate Jason Catlett, who operates junkbusters.com, an online privacy resource.

"The type of failure is less likely to cause actual damages," he said. "In instances where an entire customer database is available for downloading, a criminal can choose a victim at his leisure. In this case, to find the victim, you would have to know the victim, which makes a violation less likely."