April 15, 1999 5:00 AM PDT

Nissan privacy goof exposes email addresses

Related Stories

Privacy holes signal need for standards

April 13, 1999

Yahoo plugs security breach

April 8, 1999
Net users interested in the Xterra, Nissan's upcoming sport utility vehicle, received something extra in their email early yesterday morning: a list of more than 24,000 email addresses of potential buyers.

In what Nissan called a "technical error," the automaker sent the addresses of those who had filled out a form on its Web site to every address on the list. Every customer who signed up for Xterra information received the list, according to Nissan spokeswoman Trina Lagod.

Nissan plans to have the Xterra in showrooms by June 1. In the meantime, interested customers can receive updated information about the vehicle by signing up through the vehicle's Web site.

The mass mailing was an "inadvertent error," and the company sent out an apology letter yesterday afternoon to everyone who received it, according to Gerry Tschopp, manager of corporate news at Nissan. The company had not yet identified the cause of the error, he said.

"This has never happened to us before," Tschopp said.

But the act of "cluelessness"--as one privacy advocate put it--stands out as latest in a series of recent privacy breaches from companies such as Yahoo, Excite, and Microsoft. And it comes at a time when members of Congress are preparing several bills aimed at regulating online privacy.

Tschopp said that despite the number of email addresses contained in the message, the company had not received many complaints about it. Pointing out that the customers affected had requested to be on the mailing list, he said he "didn't know" if Nissan had violated customers' privacy.

"I don't know how or if people are upset," Tschopp said.

One person who received the email, a Bellevue-based software engineer, said the glitch was both upsetting and amusing. When he tried to notify Nissan about the problem, he said, he got little response.

"I tried calling them twice," he said. "They just kind of seemed nonchalant about it." He also suggested that the mailing could lead to further privacy problems for those on the list.

"If somebody's an entrepreneur, they could clean up," he said. "They could sell those emails to a demographic."

Jayson Catlett, president of Junkbusters, an anti-spam and privacy organization, said Nissan itself might be hurt by the mass mailing. Businesses often sign on to receive information from their competitors, Catlett said, and Nissan's competitors could have received the list of addresses.

"Although it's not likely that they would turn around and spam those names, they could do some demographic and psychographic analyses of the people who signed up," Catlett said.

Because Nissan does not have a privacy statement on its Web site, there probably was not any legal violation of privacy, Catlett said. Still, he said, Nissan and other companies should do more to protect customers from their "local pockets of cluelessness."

"Companies really need to establish policies and procedures for email communications that prevent this kind of snafu," Catlett said.

Mark Rotenberg, executive director of the Electronic Privacy Information Center, said the mass mailing was a breach of customers' confidence. It's unlikely that Nissan would make the same mistake again, he added, but consumers need to be careful about what they disclose online.

"If nothing else, it makes people who went to the Nissan Web site think twice about doing that again," Rotenberg said.

 

Join the conversation

Add your comment

The posting of advertisements, profanity, or personal attacks is prohibited. Click here to review our Terms of Use.

What's Hot

Discussions

Shared

RSS Feeds

Add headlines from CNET News to your homepage or feedreader.