The OfficeMax Web site Thursday resolved flaws in its security system
that caused customer data to be forwarded to other shoppers.
The glitch in the system was caused by a programming error, said Steve
Baisden, spokesperson for the Cleveland-based supplier of business products.
“By sending links to our Web pages to their friends and business
associates, our customers were unknowingly forwarding their credit card data
and other personal information as well,” he said. “As soon as we learned of
the problem, we resolved it. We take our customers’ privacy very, very
seriously.”
Baisden noted that more than 1.4 million people visited the office supply
site in January alone, yet no customers, to date, were affected by the flaw.
“To the best of my knowledge, nothing fraudulent occurred as a result of
the programming error,” he said. “However, if there are problems, our
customers are protected by our security guarantee and their money will be
refunded. We invite people to call our customer service department if this
error has affected them.”
Because shoppers had to send a Web address to someone before their
information was exposed, the problem is regarded as less serious than other hacker
attacks, noted privacy advocate Jason Catlett, who operates junkbusters.com, an online privacy resource.
“The type of failure is less likely to cause actual damages,” he said. “In instances where an entire customer database is available for downloading, a criminal can choose a victim at his leisure. In this case, to find the victim, you would have to know the victim, which makes a violation less likely.”