The Consumers' Association (CA) should be thrown out of its own Which? Web Trader internet shopping assurance scheme after it allowed the credit card details of 2700 customers to be published online, according to a leading security expert.
The CA has now closed down its TaxCalc website, which is run by a third party, amid concerns that the details of thousands of credit cards could have been stolen.
The 2700 people who bought the Which? tax calculation software have been advised to cancel their credit cards after the security loophole was reported by The Times.
Kim Lavely, deputy director of the CA, admitted: "This is a serious flaw in the security of the TaxCalc website and we're very concerned about it. As soon as we were made aware of the flaw we removed all personal and financial details from the site. We have already commissioned an independent security expert to conduct a thorough audit of the security of the site."
However, the CA was unable to say whether the website had been audited before, or provide a detailed explanation of their security audit policy before time of publication.
Security analysts contacted by vnunet.com were astonished at the lax security.
Mark Read, network security analyst at MIS Corporate Defence Solutions, told vnunet.com: "This is not an example of a website being cracked; the files were readily available on the server. This is so blatantly stupid it really is quite shocking."
"The CA's own Web Trader scheme says that credit card details should be held securely. They should kick themselves out of Web Trader until they complete their security audits," he added.
Web Trader is "provided by Which? Online to guide you to secure websites where you can shop with confidence", according to information on the organisation's website.
The CA has set up a freephone number (0800 920 150) for TaxCalc purchasers.
You can read the Which? Web Trader code of practice here.
Cotton seedling freezes to death as Chang'e-4 shuts down for the Moon's 14-day lunar night
Fortnite easily out-earns PUBG, Assassin's Creed Odyssey and Red Dead Redemption 2 in 2018
Meteor showers as a service will be visible for about 100 kilometres in all directions
Saturn's rings only formed in the past 100 million years, suggests analysis of Cassini space probe data
New findings contradict conventional belief that Saturn's rings were formed along with the planet about 4.5 billion years ago