COLUMBUS, Ohio, Oct. 22, 2003
Victoria's Secret Reveals Too Much
Lingerie Company Fined For Web Site Security Flaw
-
(CBS/AP)
-
Interactive Cyber Crime Find out about viruses, worms, and other ways people can attack both you and your computer online.
-
Interactive Spam: Inbox Invasion Tips to stamp out spam, state-by-state laws and a look at the 10 most common unwanted e-mails.
The lingerie stores' Columbus-based parent company, Limited Brands, said it fixed the problem within days of being notified by a customer last November. New York Attorney General Eliot Spitzer announced the fine and settlement with Limited on Tuesday.
A glitch in a feature allowing customers to check their order status allowed them to randomly call up other orders, seeing details such as sizes, prices, customer names and addresses. The faulty site didn't reveal credit card numbers or allow visitors to search orders by name.
The company is notifying about 560 customers who were affected nationwide by mail, spokesman Anthony Hebron said. New York was the only state to take legal action, he said Wednesday.
The settlement requires Victoria's Secret to provide refunds or credits to affected customers in New York. The company has not yet determined the number of customers in the state or the amount of potential refunds, Hebron said.
It also requires the company to establish an information security program and hire an external auditor to review it yearly.
İMMIII, The Associated Press. All Rights Reserved. This material may not be published, broadcast, rewritten, or redistributed.
More From SciTech
Best-selling author Mitch Albom on his first nonfiction work since "Tuesdays with Morrie."
