On display at the site, UK Shopping City, are shoppers' names, e-mail and postal addresses, gender and age group. The U.K. Information Commissioner's Office said it will act on behalf of the thousands of consumers who have had their details exposed.
"This is a breach of (the Data Protection Act's) Principle 7, which states companies must take 'appropriate measures' to make sure this type of breach doesn't occur," said Faye Spencer, a compliance manager at the U.K. Information Commissioner's Office. Normally an individual affected by such a gaffe would have to contact the body before it would take action, but now that the agency has been notified, it will pursue the offending company, she said.
Mike Pullen, partner in the regulatory group at law firm DLA, said, "The information commissioner should be prosecuting in cases like this."
It is not known why the data has been exposed. Although it is likely to be a Web master error, it could have been caused by a disgruntled employee or a former employee.
The company responsible for the site and owner of the UK Shopping City and UK Shopping Centre brands, named online as Yorkdale Ltd., is unlisted and was unable to be reached. The company did not return calls or e-mail messages Monday.
The U.K. Information Commissioner's Office said it will now try to track down the offending party.
Silicon.com's Tony Hallett reported from London.