Exclusive: Fashion retailer Express left customers' personal data and order details exposed to the internet
By Zack Whittaker
Published on April 16, 2026.
Fashion retailer Express has fixed a security flaw that exposed its customers' personal data and order details to the internet. The flaw exposed order confirmation pages on Express’ online store, revealing details of purchases and who made them. The exposed information included customer names, phone numbers, email addresses, postal, billing, and delivery addresses, and partial payment card information. A security and privacy advocate discovered the flaw after investigating a fraudulent purchase on a family member's account, but found no way to report it to Express. Express has not yet disclosed plans to notify customers of the security lapse. This incident is part of a trend of incidents where customers' information was left exposed online due to misconfigurations or inadvertent security lapses.
Related Articles
Mom Sues Uber Over ‘Terrifying’ Ride with Kids After Driver Allegedly Refused to Let Them Out and Became Violent
A Texas mother sued Uber and its driver, alleging unsafe, and violent rides with her children, including assault and negligence.
OpenAI loses product chief, Sora head, and enterprise CTO in single-day triple exit
OpenAI executives, including Kevin Weil, Bill Peebles, and Srinivas Narayanan, left the company as it consolidates towards enterprise AI, shutting down side quests and merging research.
Biblioracle: The LitRPG series ‘Dungeon Crawler Carl’ has sold millions of copies. But it’s not for me.
The LitRPG series, featuring characters like Carl and Donut, fails to capture my interest due to its heavy literary content and video game mechanics.