TELECOM Digest OnLine - Sorted: CVS Limits ExtraCare Info Access After Expose

CVS Limits ExtraCare Info Access After Expose

Monty Solomon (monty@roscom.com)
Wed, 29 Jun 2005 03:49:02 -0400

Review Index Sorted By: [ date ][ thread ][ subject ][ author ]
Next message: Peter Godwin: "IESG Approves Publication of Anti-Spam Mechanisms"
Previous message: Stephen Greene: "Science is Perfect!"
Next in thread: hancock4@bbs.cpcn.com: "Re: CVS Limits ExtraCare Info Access After Expose"
May be reply: hancock4@bbs.cpcn.com: "Re: CVS Limits ExtraCare Info Access After Expose"
TELECOM Digest: Home Page

By Marion Davis, Staff Writer

The CVS Corp. has cut off Web access to ExtraCare card holders'
detailed purchase information after a consumer group showed reporters
how easily an intruder could log into the system and find out, say,
how many condoms or enema kits someone's bought.

CVS has issued about 50 million of the loyalty cards, which allow the
drugstore chain to track each customer's purchases and, in exchange,
provide a 2-percent rebate on those purchases, along with customized
coupons.

To log into your account on CVS.com, all you need is the card number,
your ZIP code, and the first three letters of your surname. Even now,
anyone with that information can easily find out the card holder's
home address, phone number, and total purchases each quarter.

But until last week, the Web site also allowed customers to request a
detailed purchase report to be emailed to them -- to any address they
put in.

http://www.pbn.com/contentmgr/showdetails.php/id/115431

CVS ends Web site feature over privacy concerns
An unauthorized person could track other customers' purchases by e-mail

News Story by Todd R. Weiss

JUNE 23, 2005 (COMPUTERWORLD) - Retail drugstore chain CVS Corp. has
temporarily disabled a feature on its Web site that allowed an
unauthorized person to improperly obtain customer purchase records via
e-mail.

In a statement yesterday, Woonsocket, R.I.-based CVS acknowledged that
it had disabled a feature that allows registered users of its CVS
ExtraCare loyalty cards to track purchases made under "flexible
spending accounts" (FSA) set up through their employers. The loyalty
cards offer discounts to shoppers who register for the cards and allow
CVS to gather information about their purchases.

More than 50 million customers use its ExtraCare loyalty cards, CVS said.

http://www.computerworld.com/databasetopics/data/story/0,10801,102716,00.html

Post Followup Article Use your browser's quoting feature to quote article into reply
Go to Next message: Peter Godwin: "IESG Approves Publication of Anti-Spam Mechanisms"
Go to Previous message: Stephen Greene: "Science is Perfect!"

Next in thread: hancock4@bbs.cpcn.com: "Re: CVS Limits ExtraCare Info Access After Expose"
May be reply: hancock4@bbs.cpcn.com: "Re: CVS Limits ExtraCare Info Access After Expose"
TELECOM Digest: Home Page

Post Followup Article	Use your browser's quoting feature to quote article into reply
Go to Next message: Peter Godwin: "IESG Approves Publication of Anti-Spam Mechanisms"
Go to Previous message: Stephen Greene: "Science is Perfect!"
Next in thread: hancock4@bbs.cpcn.com: "Re: CVS Limits ExtraCare Info Access After Expose"
May be reply: hancock4@bbs.cpcn.com: "Re: CVS Limits ExtraCare Info Access After Expose"
TELECOM Digest: Home Page