February 11, 2009 8:26 PM
- Text
Victoria's Secret Reveals Too Much
(AP)
Victoria's Secret has agreed to pay a $50,000 fine to the state of New York while promising to improve computer security practices after a glitch on its Web site allowed viewers to browse other customers' online orders.
The lingerie stores' Columbus-based parent company, Limited Brands, said it fixed the problem within days of being notified by a customer last November. New York Attorney General Eliot Spitzer announced the fine and settlement with Limited on Tuesday.
A glitch in a feature allowing customers to check their order status allowed them to randomly call up other orders, seeing details such as sizes, prices, customer names and addresses. The faulty site didn't reveal credit card numbers or allow visitors to search orders by name.
The company is notifying about 560 customers who were affected nationwide by mail, spokesman Anthony Hebron said. New York was the only state to take legal action, he said Wednesday.
The settlement requires Victoria's Secret to provide refunds or credits to affected customers in New York. The company has not yet determined the number of customers in the state or the amount of potential refunds, Hebron said.
It also requires the company to establish an information security program and hire an external auditor to review it yearly.
The lingerie stores' Columbus-based parent company, Limited Brands, said it fixed the problem within days of being notified by a customer last November. New York Attorney General Eliot Spitzer announced the fine and settlement with Limited on Tuesday.
A glitch in a feature allowing customers to check their order status allowed them to randomly call up other orders, seeing details such as sizes, prices, customer names and addresses. The faulty site didn't reveal credit card numbers or allow visitors to search orders by name.
The company is notifying about 560 customers who were affected nationwide by mail, spokesman Anthony Hebron said. New York was the only state to take legal action, he said Wednesday.
The settlement requires Victoria's Secret to provide refunds or credits to affected customers in New York. The company has not yet determined the number of customers in the state or the amount of potential refunds, Hebron said.
It also requires the company to establish an information security program and hire an external auditor to review it yearly.
Popular Now in SciTech
- Retro Duo will play your old Nintendo games
- Apple iPad 3 rumors: thicker, sharper, coming soon
- Obama's 2012 campaign playlist now on Spotify
- Anonymous breaks into Assad's server
- FBI releases Steve Jobs background report
- Apple faces $1.6 billion iPad trademark lawsuit
- Hackers release Symantec pcAnywhere source code
- Ethical iPhone 5 petitions head to Apple stores
- Scientists say online dating doesn't work
- Apple iPad 3 rumors resurface, sources say March release
- Apple iPhone 5 rumors, reports say June release
- Facebook graffiti artist David Choe, from homeless to millions
- Pinterest secretly swaps links for profit
- Shocking Stats on Texting While Driving
- Facebook RIP pages defaced by British man
- Kids react to seeing iPhone for first time
- Apple supplier Foxconn hit by hackers
Latest CBS News Headlines
on Facebook
on CBS News
- GM gets environmental OK for new China plant
- German Parliament likely to vote on Greece Feb. 27
- France's Total gets oil price profit boost
- EU: Greece must cut deeper to get bailout
on Facebook
- Tenn. father charged with murdering couple who"unfriended" daughter on Facebook
- Adele opens up about vocal cord surgery
- "Person to Person" with George Clooney
on CBS News
