WHSmith Data Breach Sends Customers’ PII Out Via Email

British retailer WHSmith has suffered a data breach that has resulted in users’ personally identifiable information (PII) being sent out to hundreds of customers’ inboxes.According to The Guardian, personal information including names, phone numbers, and email addresses that users typed into the retailer’s contact form was not sent to the company but was instead delivered to its entire mailing list.


Some customers allegedly contacted WHSmith using the form in an attempt to notify it about the inbox spamming. However, their efforts led to only more emails being sent out.Given the difficulty of reaching the company via email, many users instead took to Twitter and Facebook, with some complaining that they had received upwards of 50 emails.One Louise Maxwell wrote on Facebook: “What on earth is going on with the magazine subscription online service? I am receiving emails that have been directed to the ‘Contact US’ page to my personal email from angry customers reporting the same thing….!! ‪#‎WHSMITH‬ Sort it out.”

Leave a Reply