While it was a dumb mistake, the information revealed was relatively harmless: products, model numbers, purchase dates, and warranty information. The site did not reveal credit card information or other sensitive data.
That hasn't stopped the firm KamberEdelson from filing a class-action compliant for $5 million against Sears. It's hard not to laugh as you read the complaint.
Here's the terrible harm that plaintiffs may have suffered: "… a nosy person can find out how much his neighbor spent on a new washing machine or lawnmower." Is that really worth $5 million?
The claim goes on to cobble together other scenarios without a shred of evidence that any of them occurred. For instance, marketers might mine the site to send advertisements to Sears customers -- as if Sears isn't already selling that information to business partners and affiliates.
It also invokes insidious hackers, who might access the data to pretend to be from Sears and then trick people into giving up credit card or Social Security numbers.
While conceivable, this scheme strikes me as unlikely. Fraudsters would have to start blind, by randomly entering names and addresses from the phone book one by one in hopes of finding a match. It's a time-intensive, low-margin scam, particularly when bundles of stolen credit card numbers are available all over the Internet. And would you really give your Social Security number to the Maytag man?
The last thing the privacy movement needs is a flood of frivolous lawsuits that capitalize on the legitimate fear that corporations put our sensitive data at risk. This lawsuit smacks of naked opportunism, and it ticks me off as much as Sears' dumb mistake.