Express website exposed customer data, security flaw fixed

Fashion retailer Express has rectified a significant security vulnerability on its website that inadvertently exposed customers' personal information and order details to the public internet. The flaw allowed unauthorized access to order confirmation pages, revealing names, contact details, addresses, purchase histories, and partial payment card information. A security advocate discovered the issue and alerted TechCrunch, which then prompted Express to address the vulnerability. While the company has since patched the site, it remains unclear if customers will be notified of the data exposure or if Express has implemented a formal process for reporting security concerns.