Retail Technology

Online retailer contacts customers after marketing communications security breach

Play.com, the UK-based online retailer of DVDs, CDs, MP3s, books and gadgets, emailed its customers yesterday to warn them of a security breach in its marketing communications, where names and email addresses may have been compromised.

The company sent out email security messages to some of its customers, advising: “A company that handles part of our marketing communications has had a security breach. Unfortunately this has meant that some customer names and email addresses may have been compromised.”

The message stressed that Play.com takes privacy and security very seriously, ensuring “all sensitive customer data is protected”.

“Please be assured this issue has occurred outside of Play.com and no other personal customer information has been involved,” it continued.

Possible spam exposure

But the messages issued follow media reports yesterday that some customers had received spam at email accounts specifically linked to Play.com.

Mark Harris, vice president of security firm SophosLabs, welcomed the fact that Play.com issued a statement to let customers know about the security breach, but pointed out that it did not offer any information about what people should do if they notice any unusual activity on their Play.com account.

“The full extent as to what information has been leaked is not clear, but any security breach involving the loss of customer information is extremely serious – even though Play.com has stated that the breach occurred with a third party, they are ultimately responsible for the security of their customers’ data,” said Harris. “Play.com customers should exercise additional caution when accessing their emails, even if they appear to come from trustworthy sources. Sophos advises users of Play.com to err on the safe side and change their passwords on Play.com.”

Ross Brewer, vice president and managing director for international markets at LogRhythm, commented: “This incident is a stark reminder that an organisation’s security and reputation is often dependent on the behaviour of third parties. To prevent these embarrassing and costly breaches from occurring, businesses need to prescribe stricter security policies for their outsourcers.

Keeping an audit trail

“Few firms monitor the internal workings of their IT infrastructures, so have little idea how hackers roam around the network in search of valuable information. By stipulating that suppliers must deploy log management solutions, organisations can not only gain forensics into how an attack spreads, they can also receive alerts about any suspicious behaviour, enabling them to prevent a damaging breach from happening in the first place.”

News of this incident comes hot on the heels of new research from The Ponemon Institute estimating that the average data breach now costs UK firms £1.9 million. In separate research, conducted by OnePoll in November 2010, 66% of UK consumers said they would try to avoid future interactions with companies that had lost their personal data.

As far as Play.com is concerned, a number of news outlets reported back in November 2009 that Play.com suffered more technical difficulties involving other customers’ data when order confirmation emails were sent to the wrong customers.