MediaMarkt, Check24, Otto: Sensitive customer data freely accessible


Records of more than 700,000 customers of German online shops and comparison portals were apparently available unprotected on the Internet for years. The retailers affected include MediaMarkt, Check24, Otto, Kaufland and Idealo. Customers have not yet been informed.

Huge data leak: hundreds of thousands of German customers affected

According to research by the ARD magazine Plusminus, sensitive user data from various online shops has been freely accessible online for years. The gap has now been closed, but affected customers have not yet been informed of the security incident. Nobody feels responsible for the massive breakdown. Whether the records were used for identity theft or phishing attacks remains unclear.

A programmer had already noticed the data leak at an interface service provider in the summer of 2021. This service provider, which was not named, connects the merchandise management systems with the online shops of several German retailers. These include MediaMarkt, Check24, Tyre24, Otto, Kaufland, Idealo, Hood and Crowdfox (Source: Tagesschau).

The data records that were available without protection include postal and e-mail addresses as well as telephone numbers, details of orders placed, including invoices, and sometimes also bank details. No passwords were reportedly found. Customers can use the “leak checker” to check whether and which of their data could be viewed online.


Data protection officer speaks of “scandalous process”

The state data protection officer of Baden-Württemberg calls the data leak, which has only now been made public, a “serious and scandalous event”. The fact that customers were not informed about the security gap is heavily criticized.

Kaufland, as a directly affected company, denies responsibility. A spokesman told Plusminus that its own platform only serves as an “intermediary between customers and retailers”. The retailers themselves are therefore solely responsible for protecting customer data.


