A major courier company has blamed a bug in the system after customers were able to track and trace other people's parcels.

Nationwide delivery company PBT — which operates out of 27 branches and employs more than 1,000 staff and contractors — was alerted by a customer who found he was able to see other clients' personal information through the parcel-tracking system.

A privacy expert yesterday warned that the glitch exposed a risk of identity theft.

The customer was tracing his own parcel and discovered he could access details of other customers' information simply by clicking on reference numbers.


A check of some other courier firms revealed a risk for breaches, with similar information being available under their tracking systems.

Shown the information, privacy expert Hayden Wilson of Kensington Swan Law said PBT Couriers "really dropped the ball on this".

Information included addresses of delivery, signatures, the names of the person who received the packages and finally a link to the satellite view of the address via Google Maps.

Dating on the tickets revealed private information had become available as far back as March.

Wilson said it was a definite privacy breach by PBT, as it was disclosing information in a way that wasn't intended by those who provided it.

"A few things that are concerning: obviously you can see the signature and the delivery address so there is a risk of identity theft if you combine the information available."

Wilson raised concerns regarding the tracking feature that shows the status of no-pickups, which gives an opportunity for burglars to use the information for break-ins.

A PBT spokesman said there was "a bug" in the tracking systems, which was the result of a glitch in the service that allows people with multiple tracking numbers to scroll through all their items.

"We have removed access to the tracking section on our website and are looking into this issue."

He also said company executives would meet tomorrow to fix the matter.