You are viewing this article in the archives. For the latest breaking news and updates in Ann Arbor and the surrounding area, see
Posted on Tue, Apr 26, 2011 : 10:56 a.m.

Some Borders Rewards customer names, email addresses were exposed, company says

By Nathan Bomey

(This story has been updated after Borders said it has determined that fewer than 150 names and emails were "obtained" by outsiders.)

The names and email addresses of some customers of Ann Arbor-based book store chain Borders Group Inc. were exposed on a publicly available website, the company acknowledged today.


Borders Rewards, the company's customer loyalty program, has more than 41 million members.

File photo |

The website — which was shut down over the weekend when the company became aware of it — had published a searchable database containing information associated with the Borders Rewards loyalty program, according to a blog post Saturday on a blog run by Borders workers and former employees.

Borders, which told on Monday that it was investigating the incident, now says it has determined that some customer information was publicly available on the site. UPDATE 8:25 p.m.: Borders now says that it has "confirmed" that fewer than 150 names and emails were "obtained" by outsiders.

"We are conducting a thorough investigation to determine whether any other breaches occurred, and how this information was shared externally," spokeswoman Mary Davis said in an email.

Borders Rewards has more than 41 million members. The company uses it to email coupons to customers and provides additional discounts to people who pay an annual fee of $20.

"We are still assessing, but believe only a very small percentage of names/email addresses were viewed," Davis said.

Calls placed to marketing firm Brierley+Partners, which helped Borders design and implement Borders Rewards, have not been returned.

"We are continuing with our investigation into the matter and concurrently are working with our partner Brierley to put in place measures to prevent this from happening again," Davis said.

Contact's Nathan Bomey at (734) 623-2587 or You can also follow him on Twitter or subscribe to's newsletters.



Fri, Apr 29, 2011 : 6:38 p.m.

I hope that the promised thorough investigation includes a review of the email that was sent to openmike on Aug 16, 2010 and again on October 11, 2010 with the subject line Borders Critical Security Problem as well as the messages sent last August to the administrator of the internal bordersconnect training website who replied "thank you for the message. I have passed this along to the proper team and they are already working on it." Apparently at Borders, a lowly $7.75 per hour bookseller has no real voice or credibility. It is not the number of site accesses but the fact that any customer data was available via an unsecured public website.

Donna LeVasseur

Wed, Apr 27, 2011 : 10:06 p.m.

This security breach was pointed out to Borders months ago by a store level employee. They did nothing about it.

Amanda Zervesme

Wed, Apr 27, 2011 : 7:17 p.m.

What ridiculous spin. The Borders Rewards lookup page hosted by has always been viewable on the public Internet. I know, because as a Waldenbooks employee I had to use it constantly on my smartphone when the store's sole computer was otherwise in use. Fry like bacon, little piggies!

A2 is a Utopia

Tue, Apr 26, 2011 : 10:15 p.m.

crazy, reading previous stories and comments about identity fraud, I htought it only occured at EMU. Appeares this crime occurs anytime any where.

Savage Pencil

Tue, Apr 26, 2011 : 9:52 p.m.

And the folks at Borders have the audacity to promote this program as a "business plan". It's no wonder that the employees have to fight with customers to sign up for this gimmick.

Urban Sombrero

Tue, Apr 26, 2011 : 7:23 p.m.

Meh, I don't care about my name and email address getting out there. That's cool. I'm fine with this since it doesn't link the books I've bought up with my real name. I'd be mortified if the neighbors knew I read the Twilight saga!

Urban Sombrero

Tue, Apr 26, 2011 : 9:34 p.m.

**sigh** I know, I know.

say it plain

Tue, Apr 26, 2011 : 9:12 p.m.

As well you should be @Urban, as well you should be!

Ron Granger

Tue, Apr 26, 2011 : 4:18 p.m.

For years Borders paid Amazon to run their website. For years Borders' management was incapable of bringing the effort in-house. The bungled attempts were comical. How much did they pay IBM, and other consultants for failed promises? I can remember going to Borders' in-house website time and again and seeing broken pages. I couldn't even browse the site, much less order. What a farce. In any case, contrary to what people would have you believe, these websites still aren't trivial or easy. You need top people running them. Given Borders' history in recent years, how could they attract top talent? How many former Amazon people do they have on staff? Former Walmart employees were key to Amazon's distribution and fulfillment success, and there were lawsuits over it. There is an all too popular notion in business and government where people really don't care about the outcome or the quality, as long as they get paid.


Tue, Apr 26, 2011 : 4:05 p.m.

There go those bonuses!


Tue, Apr 26, 2011 : 3:57 p.m.

Thanks Borders for saving the efforts of hackers! You yourself provided what they needed!