On Friday, we brought you the story of John and his wife, whose personal info ended up in the shopping cart of another customer. Over the weekend, a rep for the retail store responded to Consumerist’s request for comment, even though they didn’t exactly answer the question we’d asked.
From the JCP rep:
jcp.com has had no privacy breach. The site is secure. When someone embeds a link to share with others, they may, under very unique conditions, inadvertently share their information with others who click on the link. This appears to be what happened on our site this week with a few customers. While this is not unique to JCPenney, we have extensive safeguards in place to protect our customers who inadvertently share their information. jcp.com’s display screen does not contain enough information for unauthorized users to make a purchase on a credit card account.
Unfortunately, the company’s statement does not explain John’s original complaint.
He said his family was contacted by a complete stranger after their personal info showed up in his shopping cart. So unless John and his wife are going around sending out links to JCP.com to random people on the internet, the company’s explanation doesn’t really hold water.
We’ve pointed this shortcoming out to them and hope to get a response, though we’re not holding out breath.