Parcelforce fault leaks customer details

 

Gallery

By Matthew Sparkes

Posted on 19 Jun 2009 at 14:06

A serious fault on Parcelforce's website has exposed the name, address and signatures of customers, the company has admitted.

The problem affected the "track and trace" feature of Parcelforce's website, which is designed to allow people to track the location of their packages.

The fault caused the tool to give out details of the wrong packages when a reference number was entered, along with the personal details of the sender. For packages that had already been delivered, the signature of the recipient was also shown.

As well as exposing sensitive data, many customers were left confused by messages that said their packages were in unexpected locations, or, inaccurately, that they had already been delivered.

The fault left Parcelforce in violation of strict data protection rules which state that any organisation handling data pertaining to customers must put safeguards in place to protect that information.

Parcelforce has blamed the fault on work carried out to the system late on Wednesday night. The company stopped access to the tool until it was rectified on Thursday night.

"We can confirm that the problem was rectified and the service restored last night," said a Parcelforce spokesperson. "We apologise to customers for any inconvenience caused."

The Information Commissioner's Office has said that it will be contacting the company to investigate exactly how the security breach occurred.