First, a few days ago, it was revealed that Sears was inviting people to install software which CA called a Significant Threat to Privacy.

The proxy:

• Monitors and transmits a copy of all Internet traffic going from and coming to the compromised system.


• Monitors secure sessions (websites beginning with ‘https’), which may include shopping or banking sites.


• Records and transmits “the pace and style with which you enter information online…”


• Parses the header section of personal emails

• May combine any data intercepted with additional information like “select credit bureau information” and other sources like “consumer preference reporting companies or credit reporting agencies”.

In addition, My SHC Community requires a variety of personal information during registration – like name, email, address, city, state, and age. All of this information can be correlated with intercepted data to create a comprehensive profile.

Now comes word of a lawsuit filed alleging that customer warranty information can be accessed by anyone.

According to a filing in Cook County court in Illinois, the Sears Website, called Manage My Home, allowed users to enter others’ addresses into a database and collect information about their purchasing habits, as well as all of the Sears-warrantied products in the home.

Wow, evil and completely incompetent. Stealing customer’s private information on one hand, and taking no measures to protect customer information on another hand… That is an impressive one-two punch.

This entry was posted on Monday, January 7th, 2008 at 4:56 pm by Peter Hesse and is filed under data theft. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.