Borders investigates whether customers' personal information was revealed on website

By Nathan Bomey Business news director

Posted on Mon, Apr 25, 2011 : 6:33 p.m.

UPDATE 10:56 a.m. April 26: Some Borders Rewards customer names, email addresses were exposed, company says

Ann Arbor-based book store chain Borders Group Inc. is investigating whether any of its customers' personal data was exposed on a website that apparently contained information about its loyalty program.

Borders Rewards, the company's customer loyalty program, has more than 41 million members.

File photo | AnnArbor.com

The website, which has since gone offline, published a searchable database containing information associated with the Borders Rewards loyalty program, according to a blog post Saturday on a blog run by Borders workers and former employees.

It was not immediately clear how long the website was live, how the information may have become public, or whether any information was inappropriately distributed.

Borders Rewards has more than 41 million members. The company uses it to email coupons to customers and provides additional discounts to people who pay an annual fee of $20.

Borders spokeswoman Mary Davis confirmed in an email that the website had been taken offline and is "no longer accessible externally."

"We take the security of our members' information very seriously and are currently investigating the situation," she said.

She declined to comment further.

The website was apparently set up by a marketing firm called Brierley+Partners, which helped Borders design and implement Borders Rewards.

A spokesperson for Brierley+Partners was not immediately available to comment.

The situation comes as Borders is navigating Chapter 11 bankruptcy. The company is closing 226 superstores and considering a move out of Ann Arbor.

The incident also comes as major corporations are increasingly struggling to dodge external ploys to gain access to customer data. Earlier this month, a company called Epsilon, which manages email marketing for major retailers like Best Buy and banks like JPMorgan Chase, announced that the names and email addresses of millions of customers may have been stolen. Borders was not on the list of companies affected by the Epsilon breach, however.

The blog run by Borders workers and ex-employees published a post Saturday about the website that may have contained the Borders Rewards information.

The original poster, claiming to be a former Borders employee who left the company "many months ago," claimed to have "pointed out this security flaw to my manager, district manger, customer support" and through an internal communication system to the company's president.

Contact AnnArbor.com's Nathan Bomey at (734) 623-2587 or nathanbomey@annarbor.com. You can also follow him on Twitter or subscribe to AnnArbor.com's newsletters.

Comment Now