That Didn't Take Long At All: Sears Sued For Data Breach

from the $5-million,-please dept

Well that didn’t take very long at all. Late last week, it was revealed that was revealing past purchases to anyone who knew your name, address and phone number — a violation of Sears’ own privacy policy. And, by Monday, we have a $5 million class action lawsuit against Sears. While I do think Sears made a huge mistake here, the class action lawsuit seems a bit extreme. There’s no evidence that anyone was actually hurt by this — and while it was a dumb move by Sears, it’s not difficult to understand how it likely came about. Chances are Sears will settle this quickly just to get it out of the news, but really the only winners will be (as per usual) the lawyers.

Filed Under: , ,
Companies: sears

Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “That Didn't Take Long At All: Sears Sued For Data Breach”

Subscribe: RSS Leave a comment
Anonymous Coward says:


While there may be no current evidence to state that anybody was hurt by this, we have so add ‘yet’ to that statement.
in order to protect the identity of others, Sears should have fixed that the moment it was found.

they didn’t, they had over a week to fix it, they didn’t, so they have to take it up the rear for their mistakes

hegemon says:

Re: Re:

Yeah, that’s the point. With no more information than what can be obtained from the phonebook, I can see a person’s entire purchase history from Sears. If I wanted to, I could open up the phonebook and see the purchase history of every person in the city. While I don’t know what, exactly, could be done to ‘hurt’ someone using their purchase history, it is still a violation of the privacy policy that needs to be addressed. At the very least, it could lead to embarassment.

Frankly, Mr. Lamper needs to go down. As a former Sears employee, I would like to see nothing more than that moron’s world come crashing down around him.

kilroy says:

Re: Re: Re: Look at That! New HDTV!

But could you truly fault Sears? Is it possible that by putting out the cardboard box on garbage-day the home-owner provided the same information to would-be thieves?

I see it all the time oh the guy living at # 33 on such & such a street just got a brand new Laser printer… chances are there is a computer too. Your shopping habits are far from secret I only have to follow you home from the big-box store to know where you take that HDTV.

Killer_Tofu (profile) says:

Class Action Suit?

While I am all against large companies leaking any data like this, I do not agree with a Class Action Lawsuit.
The stupid lawyer who is filing this is going to keep at least half for “legal fee” bull .. poo.
Lawyers are ruining us, one frivolous lawsuit at a time.

Doesn’t class action lawsuits need people that were hurt by something to be filed?
How can the lawyer prove all the people that were affected and get them to join to make this an actual case?
Did he just sit there plugging in names from a phone book until he had enough?

Its just a lawyer money grab.

Dave S says:

Re: Class Action Suit?

While I am all against large companies leaking any data like this, I do not agree with a Class Action Lawsuit.

While I do agree with you that we’re being ruined by an excess of lawyers who need to make work for themselves, this is a case where the privacy-apathetic company needs to be slapped down for a) putting something like that up for public use without thinking it through first and then b) failing to fix or remove it immediately once a leak of private information was identified. Is a class-action suit the best way to do so? Maybe, maybe not. I don’t know. But just ignoring it and hoping they’ll eventually get around to plugging up the holes would not have accomplished anything.

Roebuck says:

Cut 'em Some Slack

While the name Sears may conjure up images of Kenmore appliances, Bob Vila pitching Craftsmen tools and questionable fashions, Sears is a decent business that offers a whole lot of quality goods, often at lower prices than their “upscale” competitors. I can cut them a lot of slack for this apparently minor breach mostly for one reason – they are one of the few businesses that has always paid people who have been called to active duty in the US military.

When members of the National Guard from a number of states were called to serve in Iraq, the deployment disrupted a whole lot of families. Many of the men and women called to duty are married and have settled into their lives. Families of Sears employees who were called up continued to receive the regular paycheck of the family member who was called. To me, that’s the right thing to do and I will always support this business, if for no other reason than to thank them for their patriotism.

Anonymous Coward says:

The first anonymous coward was whining that Sears did nothing to protect the identity of others…

in order to protect the identity of others, Sears should have fixed that the moment it was found.

Sears did nothing to divulge the identity of anyone was my point. They may not have reacted fast enough to protect the identity of the purchases of its customers, but they didn’t divulge the identity of those customers to begin with.

Glo says:

it doesn't matter than nobody got hurt

The point is that Sears intentionally disclosed customer data. This could not be attributed to incompetence. If it is incompetence, then this level of incompetence should be criminalized.

The officers and directors at Sears need at least 90 days in Joe Arpaio’s jail for this. Maybe $1Billion is an adequate fine.

There is absolutely no excuse for this. None!

Rich Kulawiec says:

It doesn't matter that nobody got hurt

I concur. To borrow a line from “American Treasure”,
Somebody’s got to go to prison. If not for this,
then for the spyware that they’re peddling.

Until Cxx-level executives are held personally
responsible for this kind of nonsense, it will continue.
Nobody will lose their job. Nobody will lose their
golden parachute. Nobody will lose anything — except
the victims, who have already lost anyway.

So yeah, I recognize that the lawyers bringing this
suit may ultimately turn out to be the only people who
benefit from it. I’m fine with that, as long as it
inflicts serious pain on Sears. My disappointment is
really (a) the amount is 100X too small and (b) it’s
a civil action, so none of the Sears executives will
shortly be calling an 8×8 box “home”.

Twinrova says:

Good! Let the lawsuit begin!

I don’t believe the lawsuit is a bad thing. If ANYTHING comes out of this, it’s a black eye for Sears for deliberately screwing over its most prized asset: its consumers.

I despise it when companies do this. There was NO REASON for Sears to even want this data, let alone the politeness of just asking if it were okay to capture it.

With T&Cs getting so verbose anymore, it has just become second nature to say “No” to everything, even if it means not ordering anything.

In this day of identity theft, NO personal information should be taken without permission regardless how “safe” it may seem.

For the poster who made the comment about YellowPages, sure, go get my information that way.

Oh, wait. You can’t. I don’t publish my information.

Had I signed up to Sears’ smoke and mirror tactics of “community”, I would have been boned with even more mailbox junk at the least.

Now, if someone can start a “war” on why, all of a sudden, Verizon is allowing unsolicited text ads and making consumers pay for them.

I had to stop all texting features because of it!


Clueby4 says:

Wipe it please!

I’m sorry this was not a “mistake”, they exposed all purchase histories, from what I heard. So even if the person had not created an account for the site the purchase histories were available.

To get access and provide an infrastructure to this data is not trivial even without addressing security issues, which as this blunder illustrates were probably never considered.

Screw Sears and any company that abuses the legal vacuum that is privacy. Me, I don’t think it should be legal for companies to retain personal information, at all without written content, renewed even 6 months.

Rusty Shackleford says:

Loser Lawsuits

Once again we see people trying to get rich quick. Although I cannot say Sears was in the wrong, I cant help but think the customer is reaching for the stars. I have had freinds like this… looking to make a lifestyle out of a simple mistake… not knowing the steps that were taken, the reaction recieved from the company… I can only look back to other events i have seen… like getting a trip to disneyland as payment for lost pictures at a photo lab… people expect to get the world handed to them, and in the end it costs us all

Someone who cares says:

RE: Wipe it please

Quite frankly, I like Sears and enjoy shopping there…its one of the few stores left that cares about their customers. What I don’t like is the rediculous language used from some of the earlier posts i.e. “they exposed all purchase histories”; “Screw Sears and any company that abuses the legal vacuum that is privacy”. There would only be abuse here if they threw this stuff out for all to see, which aparently isn’t the case–>people figured out a way to exploit the system.

Someone who cares says:

RE: Wipe it please

“I don’t think it should be legal for companies to retain personal information, at all without written content”–guess you also wanna give up your ability to return items since removing this info also removes your proof of purchase. You give them written consent when you type in the forms and agree to Terms and Conditions, just like anywhere else BTW.

former says:

customer information

before it became law sears printed complete account numbers on sales checks. as i employee we could use what was called a three part copy slip. this gave the account numbers to the delivery servicrs, employee’s working on the dock and merchinsise pick up. we as sales people were encouraged to make these copies(to cover our own butts)there are thousands
of employees and former employees with this information

Add Your Comment

Your email address will not be published. Required fields are marked *

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop »

Follow Techdirt

Techdirt Daily Newsletter

Techdirt Deals
Techdirt Insider Discord
The latest chatter on the Techdirt Insider Discord channel...