Monday, October 6, 2008

AcademicSuperstore: Leaked My Credit Card Info!

Imagine Googling yourself and finding that your email address, phone number, home address, and some credit card information are now all available to the public and linked to your name. That's what happened to me:

If you were ever a customer of, it's possible your identity is under threat. How do I know this? Because your contact info was revealed in a clever Google search with about 1600 other people:

I contacted Academic Superstore on September 24th, 2008 and was promptly replied to by their head of Information Technology. Since then, we have exchanged 14 emails. In all of those exchanges they have never apologized for the security breach.

In their privacy policy they make statements like:
"We promise that your information is secure."
"we will not pass your e-mail address to others"
"personal information and credit card details cannot be viewed by outside parties"
After sending their head of IT several irate emails, he promised that someone else in the company would contact me to discuss the damages. That was seven days ago and I still haven't heard from them. I still haven't received an apology. There's no indication that they will take responsibility for permanently damaging my privacy by releasing my private info to the public.

What irritates me the most about this situation, I DIDN'T EVEN PURCHASE ANYTHING FROM THEM. By the time I had jumped all the hurdles of online purchasing, including verification of my academic status, which requires you to send them proof of your academic status, they told me the item I wanted was not in stock. So I canceled my order and purchased elsewhere. Too bad they had already stored my personal information, irresponsibly. If you look at online reviews (many of which are similar to this one) you'll find that others have this same "we'll make you pay for it before we tell you it's out of stock" problem.

Here's hoping that the companies we choose to trust will actually protect our information and take responsibility when they screw up.


bodhi said...

I'll never do business with them...good luck with the effort for recourse and retribution

Anonymous said...

How should I structure the Google search to see if my info has been compromised? I have been a customer of A.SS, but won't deal with them again.

Joe said...

They fixed the problem quickly after I pointed it out to them. Your personal info should not appear in a current Google search.

Anonymous said...

This sounds like lawsuit material. Once, a company where I'd shopped was hacked, and customers' financial and other information had possibly been compromised. That company notified everyone immediately, and offered a year's subscription to one of the major credit watch services for everyone affected. That's a professional way to handle such an incident; what you describe is not, and they should be held liable.