Customers of German chemist chain Schlecker have been exposed in their hundreds of thousands after an error by the IT vendor used by the firm.
Over 150,000 customers are believed to have been affected by the incident during which anyone could have gained access to detailed personal information via the internet.
The vendor quickly patched the problem and the details were secured again. In addition to home and email addresses, sex and full names being made available for the 150,000 customers, over seven million more people who subscribe to Schlecker’s newsletter were left open to data loss.
Login details were said to have been kept secure throughout the disaster, according to a Schlecker representative.
The leaking data was uncovered by security expert Tobias Huch, who said the discovery took him by surprise because the complete lack of protection left the personal details exposed to any visiting third party.
Mr Huch pointed to the ease with which cybercriminals could scam customers of Schlecker by harvesting their addresses and then contacting them by email, under the guise of the chemist chain, to request details and extract further information.
Schlecker has offered reparations to its customers in the form of a five euro voucher to spend with the company, although it was keen to note that this act was not to compensate for the leak, but to show that it appreciated customers’ patience and support in this difficult time.
Cybercrime expert Robert Siciliano said that while consumers could take measures to protect personal data stored on their home PCs with antivirus software and firewalls, there was no way to account for the mishaps that befall large firms which are responsible for vast amounts of data.
Mr Siciliano said that ID theft is very difficult to detect in the short term and warned that criminals could carry out damaging acts with only the most basic information on an individual. For this reason he suggested that consumers should take a proactive approach to protecting their data, particularly after an incident such as this.