A federal lawsuit alleges that the major mattress disruption company Caspar may have “wiretapped” potential customers—and all visitors to the company’s site—in cahoots with a software company named NaviStone.
Originally a New York-based, cut-out-the-middleman company, Caspar is now distributed by Target, and its products are available nationally. The case at hand is focused solely on online orders.
The 21-page suit is aimed at class-action status, but currently relates one customer’s claim that a completed but not submitted purchase form online resulted in the capture of that shopper’s information. According to CBS News, the site runs remote code on a visitor’s browser then minute the Caspar site downloads, allowing the third party to record keystrokes, mouse clicks, the visitor’s IP address and other information.
The Nov. 28 filing does not speculate, but it appears the information grabbed is aimed at re-targeting visitor to the site who don’t make a purchase. The problem is that the information grabbed could be anything, and as we know from the endless parade of data breaches on the nightly news, nothing is truly secure.
NaviStone essentially confirms the above on its website, saying that their technology allows their customers to identify previously unidentifiable visitors to a website. As to the question regarding whether or not this amounts to corporate-grade malware is for a court to decide.
If the court determines that Caspar and NaviStone were spying on visitors and secretly recording their behavior, they made their own beds and one can only hope that the consequences are as severe as the violation of consumer privacy—and trust.