Cdiscount sanctioned for lack of security

This is a public warning that will reflect badly on the e-commerce site Cdiscount, in a sector where the trust placed by users is to be cherished. The National Commission for Information Technology and Civil Liberties (Cnil) accuses it in particular of a lack of security.

The most damning finding comes from an inspection carried out by the Cnil last February, during which it was found that Cdiscount kept 4,179 customer bank card numbers in the clear in the comment fields of its database. More than 3,000 visual cryptograms (card security codes) were associated with card numbers, of which 2,104 were still valid.

That is still shocking for a site like Cdiscount, which explained that this cleartext data in the comments had been collected by a service provider for a distance-selling activity by phone and not for online sales on the Internet.

For having also "kept data from several million accounts of former customers and prospects, without any deletion or limitation of duration", Cdiscount therefore does not escape the public warning, which could also serve as a warning to the entire distance-selling sector.

Although the shortcomings found have been corrected, Cdiscount also receives a formal notice for other breaches of the law. Among these are the "presence of irrelevant comments in its database (client has heart disease, racist client, etc.)", a lack of information regarding data processing, and the absence of a sufficiently strong password policy.

For the formal notice, which is not a sanction this time, Cdiscount has three months to comply with the law. As chance would have it with the timing of the Cnil's announcement … Cdiscount is currently celebrating its 18th birthday. A subsidiary of the Casino group, Cdiscount claims 2 million visitors per day and 16 million customers.