Play.com - Important: Email (IN)Security Message ...

 
"From: "Play.com"
Sent: 22/03/11 01:10
Subject: Important: Email Security Message

Dear Customer,

Email Security Message

We are emailing all our customers to let you know that a company that
handles part of our marketing communications has had a security
breach. Unfortunately this has meant that some customer names and
email addresses may have been compromised.

We take privacy and security very seriously and ensure all sensitive
customer data is protected. Please be assured this issue has occurred
outside of Play.com and no other personal customer information has
been involved.

Please be assured we have taken every step to ensure this doesn?t
happen again and accept our apologies for any inconvenience this may
have caused some of you.

Customer Advice

Please do be vigilant with your email and personal information when
using the internet. At Play.com we will never ask you for information
such as passwords, bank account details or credit card numbers. If you
receive anything suspicious in your email, please do not click on any
links and forward the email on to privacy@play.com for us to
investigate.

Thank you for continuing to shop at Play.com and we look forward to
serving you in the future.

Play.com Customer Service Team

************************************************************************
Confidentiality: This e-mail and any files transmitted with it are
confidential and intended solely for the use of the individual or entity
to whom they are addressed. If you have received this e-mail in error
please notify the sender immediately and delete this message from your
computer without further action. Any dissemination, distribution or
copying of this message or any files transmitted with it by an
unauthorised recipient is strictly prohibited.
Viruses: This message has been swept for viruses but we cannot guarantee
that this e-mail or its attachments are virus free nor accept
responsibility for any virus inadvertently transmitted herewith.
************************************************************************ "

 

and later in the day ...

 

"from    Play.com <info@play.com>
reply-to    info@play.com
date    Tue, Mar 22, 2011 at 9:46 PM
subject    Important: Email Security Update
mailed-by    bounce.newsletters.play.com

Dear Customer,

As a follow up to the email we sent you last night, I would like to give you some further details. On Sunday the 20th of March some customers reported receiving a spam email to email addresses they only use for Play.com. We reacted immediately by informing all our customers of this potential security breach in order for them to take the necessary precautionary steps.

We believe this issue may be related to some irregular activity that was identified in December 2010 at our email service provider, Silverpop. Investigations at the time showed no evidence that any of our customer email addresses had been downloaded. We would like to assure all our customers that the only information communicated to our email service provider was email addresses.  Play.com have taken all the necessary steps with Silverpop to ensure a security breach of this nature does not happen again.

We would also like to reassure our customers that all other personal information (i.e. credit cards, addresses, passwords, etc.) are kept in the very secure Play.com environment. Play.com has one of the most stringent internal standards of e-commerce security in the industry. This is audited and tested several times a year by leading internet security companies to ensure this high level of security is maintained. On behalf of Play.com, I would like to once again apologise to our customers for any inconvenience due to a potential increase in spam that may be caused by this issue .

Best regards,

John

John Perkins
CEO
Play.com

************************************************************************
Confidentiality: This e-mail and any files transmitted with it are
confidential and intended solely for the use of the individual or entity
to whom they are addressed. If you have received this e-mail in error
please notify the sender immediately and delete this message from your
computer without further action. Any dissemination, distribution or
copying of this message or any files transmitted with it by an
unauthorised recipient is strictly prohibited.
Viruses: This message has been swept for viruses but we cannot guarantee
that this e-mail or its attachments are virus free nor accept
responsibility for any virus inadvertently transmitted herewith.
************************************************************************ ".

 

Note that Play do not draw attention to the fact customers sign in to their accounts with the aforementioned leaked email address as username. Nor do they mention they retain customer credit card information, rather than requiring it to be re-input on occasions of purchasing.

It's not the spammers one needs worry about, it's the burglar gang who have both your address, telephone number, & a shopping list of the Play items you have.