Woolies forced to shut online store

High street veteran Woolworths has been forced to temporarily close its online store after customer credit card and personal details were exposed on its website.

Two Woolworths customers will receive cash compensation from the high street retailer after their names, addresses, and phone and credit card details were published on the www.woolies.co.uk website.

Woolworths says that an unidentified glitch in the website caused the customers' personal details, along with a description of the last product they had bought online, to be published on a web page within its site. A third customer then accessed this page and raised the alarm.

A Woolworths spokesman told vnunet.com that the company has apologised profusely to those involved and has agreed a one-off payment to the two customers for the inconvenience involved in cancelling their credit cards. He said one of the customers had asked for the compensation sum not to be revealed and thus he could not supply further details.

According to the spokesman, the website was closed down as soon as Woolworths became aware of the breach and the retailer is now conducting a thorough investigation into the reasons for the breach in customer confidentiality.

He added that he does not expect this to be completed until 18 August and the website would remain offline until then.

High street bank Barclays recently suffered a breach following a system upgrade that allowed customers to view each other's bank account details online.

Woolworths confirmed that it had also recently upgraded its system but denied that this was at fault, saying such upgrades were ongoing and the cause of the problem had not yet been identified.

Woolworths is the third case of a major UK company letting down its customers over the storing of confidential information on websites.

In July, thousands of PowerGen customers had their credit card details exposed on the utility's website. Security experts said at the time that companies often failed to secure customer data, because of a variety of mistakes. These included web connections being left open at a firewall, poorly designed web applications and web servers not being patched.

Consumer groups said these breaches were weakening public confidence in ecommerce. Earlier this month, a report from the National Consumer Council, Ecommerce and Consumer Protection, found that unless problems with online security are addressed, the fear of fraud would continue to be a deterrent to online retail.

Despite the UK's support for dotcom enterprises, and the government's insistence that the UK would become the central hub in Europe for ecommerce, purchasing is still one of the least popular online activities, according to the report.