High street veteran Woolworths has been forced to temporarily close its online store after customer credit card and personal details were exposed on its website.

Two Woolworths customers will receive cash compensation from the high street retailer after their names, addresses, and phone and credit card details were published on the www.woolies.co.uk website.

Woolworths says that an unidentified glitch in the website caused the customers' personal details, along with a description of the last product they had bought online, to be published on a web page within its site. A third customer then accessed this page and raised the alarm.

A Woolworths spokesman told vnunet.com that the company has apologised profusely to those involved and has agreed a one-off payment to the two customers for the inconvenience involved in cancelling their credit cards. He said one of the customers had asked for the compensation sum not to be revealed and thus he could not supply further details.

According to the spokesman, the website was closed down as soon as Woolworths became aware of the breach and the retailer is now conducting a thorough investigation into the reasons for the breach in customer confidentiality.

He added that he does not expect this to be completed until 18 August and the website would remain offline until then.

High street bank Barclays recently suffered a breach following a system upgrade that allowed customers to view each other's bank account details online.

Woolworths confirmed that it had also recently upgraded its system but denied that this was at fault, saying such upgrades were ongoing and the cause of the problem had not yet been identified.

Woolworths is the third case of a major UK company letting down its customers over the storing of confidential information on websites.

In July, thousands of PowerGen customers had their credit card details exposed on the utility's website. Security experts said at the time that companies often failed to secure customer data, because of a variety of mistakes. These included web connections being left open at a firewall, poorly designed web applications and web servers not being patched.

Consumer groups said these breaches were weakening public confidence in ecommerce. Earlier this month, a report from the National Consumer Council, Ecommerce and Consumer Protection, found that unless problems with online security are addressed, the fear of fraud would continue to be a deterrent to online retail.

Despite the UK's support for dotcom enterprises, and the government's insistence that the UK would become the central hub in Europe for ecommerce, purchasing is still one of the least popular online activities, according to the report.

See also:

Still losing against an unseen enemy

This year has seen a succession of high-profile security breaches, and even the best-protected networks remain curiously vulnerable.  11 Dec 2000

Woolworth's back online after scare

High street retail giant Woolworth's will finally relaunch its website this week, two months after it was closed down due to security problems. But uncertainty remains over whether the site will be able to deal with predicted volumes.  11 Oct 2000

Net fraud goes unpunished and unreported

Nine out of 10 internet frauds in the UK still go unpunished and usually unreported, despite the recent attempts by credit card companies to crack down on online fraud.  14 Sep 2000

Weak security found in many web servers

One in three supposedly secure ebusiness servers are using software with known security weaknesses, and European sites are the worst offenders, according to a survey.  07 Sep 2000

Bull investigates web security breach

Security experts at Bull are investigating reports that a flaw with its web servers allowed access to confidential customer data.  01 Sep 2000

Safeway hit by hoax emailer

UK supermarket Safeway is investigating how a computer hacker gained access to its databases and sent a hoax message to thousands of customers.  14 Aug 2000

Barclays online bank suffers another blow

Barclays bank has suffered another embarrassing incident, calling the security of its online banking service into question yet again.  11 Aug 2000

UK online shoppers still lack confidence

Lack of consumer confidence is stifling ebusiness uptake in the UK, according to the National Consumer Council.  03 Aug 2000

Barclays' web bank suffers security breach

Barclays has reopened its online banking service after an embarrassing security breach forced it offline yesterday afternoon.  01 Aug 2000

Is it too late to plug the PowerGen leak?

The discovery of a security hole in the UK utility's website, which resulted in the leak of thousands of customers' bank and contact details, has further dented public confidence in ecommerce.  25 Jul 2000

European firms getting security wrong

Security has finally become an item on the corporate agenda but many companies are taking the wrong approach to addressing the issue, according to research by IDC.  21 Jul 2000

Powergen customer info exposed in net blunder

Utility firm PowerGen admitted today that it had suffered a breach of internet security which resulted in the leak of bank and contact details of thousands of its customers.  19 Jul 2000

Like this story? Spread the news by clicking below:

 del.icio.us     Digg this     reddit!