Not only was information being data mined for marketing purposes, but the site allowed third parties (anyone) access to it.
Now it appears lawyers have gotten together a class action against Sears.
In an update, Brian Krebs is reporting:
In a complaint filed Friday in Cook County, Illinois -- where Sears is headquartered -- the plaintiffs allege that the lack of privacy protections at Sears's managemyhome.com site violated its own privacy promises to consumers, and in so doing ran afoul of the Illinois Consumer Fraud Act, which prohibits "unfair and deceptive practices."
The complaint seeks class-action status, and more than $5 million in damages, including attorneys' fees. A copy of the complaint is linked here (PDF).
The suit was filed by KamberEdelson, the same New York City based law firm that successfully pursued Sony BMG Music Entertainment after the media giant shipped millions of music CDs that included spyware.
The same law firm is also seeking plantiffs for a second class action against Sears for installing tracking software on customer's computers after they made a purchase on their site. This might set an interesting legal precedent given all the tracking sofware being used out there.
After all, there is a lot of customer espionage going on out there (my opinion).
So far as me personally, this story has made me extremely wary of shopping at Sears, whether in a mall or on the Internet.
Full story from Brian Krebs on the Security Fix blog, here.