Swedish furniture company, IKEA, last week closed down the catalog request portions of its U.S. and Canadian Web sites and began an investigation as the result of an alleged break in that left catalog requestors' personal information unprotected.
“We know that somebody compromised the part of our site where we take catalog requests,” said Rich D'Amico, new business development manager for IKEA North America, Plymouth Meeting, PA, “Someone didn't just fall into this information, they carved their way into it.”
IKEA had not identified a culprit at press time.
IKEA disabled the catalog request Web pages within minutes of being alerted to the situation when CNET News.com called for comment, according to D'Amico.
According to CNET's report, the security breach was uncovered by a U.S. customer who had tried to request a catalog at the IKEA Web site.
Upon investigation, IKEA found that consumer information had been accessed, said D'Amico.
The day after IKEA shut down the pages, it e-mailed catalog requestors who may have been affected by the break-in. The message stated, “Your online catalog request was part of a database that may have been accessed by an online perpetrator. The following information could have been downloaded: name, mailing address, phone number and email address. Rest assured that no credit card or financial information was contained in this database.”
At press time, the number of e-mails sent was not available.
“We are taking this very seriously,” he said, “We don't give out any consumer information at all.”
Though a third party company hosts the request portion of the site, IKEA chose not to identify it.
“IKEA stands behind this because it's IKEA's site,” said D'Amico.