AOH :: ISNQ5039.HTM

Sears Data Breach Draws Lawsuit




Sears Data Breach Draws Lawsuit
Sears Data Breach Draws Lawsuit



http://www.informationweek.com/security/showArticle.jhtml?articleID 5600038 

By Thomas Claburn
InformationWeek
January 7, 2008

Following revelations that Sears' ManageMyHome.com site exposed customer 
purchase data to any online visitor who asked about it, a New Jersey 
resident has filed a $5 million class action lawsuit against the 
retailer.

In a complaint filed on Friday in Cook County, Ill., where Sears has its 
headquarters, plaintiff Christine Desantis alleges that the company's 
exposure of customer data represents a breach of contract and a 
violation of the Consumer Fraud Act.

The $5 million sought is to cover payments to affected consumers and 
attorneys, and the cost of injunctive relief; no individual is seeking 
more than $75,000, according to the legal filing.

The crux of the case is that Sears "failed to take reasonable steps to 
ensure that [consumers'] private information was secure," according to 
the complaint.

"Implicit in Sears's contracts is a good faith and fair dealing 
provision, requiring Sears to disclose whether and to what extent it 
makes publicly available customers' personal information and to take 
reasonable steps to insure that the private information of [customers] 
is not easily accessible by the public," the complaint states. "Not only 
does Sears fail to make such disclosures, it makes contrary disclosures 
on its Web site, listing the specific circumstances -- none of which are 
germane to the instant case -- under which Sears does share customer 
information with others."

The complaint also alleges that Sears' failure to promptly and 
prominently disclose the security breach on its Web site constitutes a 
violation of the Consumer Fraud Act, a claim that shows how much 
disclosure laws like California's SB 1386 have changed the expectations 
of corporations following a data breach.

A Sears spokesperson said the company does not comment on pending 
litigation.


__________________________________________________________________      
Visit InfoSec News
http://www.infosecnews.org/ 

Site design & layout copyright © 1986-2014 CodeGods