Forum Home» Praise, Vent & Warnings

Spam from "GSN" to e-mail address registered on Play.com - Page 7

New Post Advanced Search

Spam from "GSN" to e-mail address registered on Play.com

edited 21 March 2011 at 12:09AM in Praise, Vent & Warnings
144 replies 38.4K views
145791015

Replies

  • halferhalfer Forumite
    38 posts
    dragonmeat wrote: »
    Phew - I was worried for a moment that my personal details had been lost, whereas in reality all that's happened is that my personal details have been lost.
    Heh heh, very good! :rotfl:
  • halferhalfer Forumite
    38 posts
    If you look at the thread on GSN, it looks like they are also investigating - remember there are a bunch of annoyed users who've received the same spam, but who have never been play.com customers. It'll be interesting to see what they come up with.
  • halferhalfer Forumite
    38 posts
    Well, if it's only our names and email addresses then I can handle that - I get enough spam as it is, a bit more is unlikely to be noticed. However, that's just me - this is going to be decidedly inconvenient for some who rarely get any spam.
    Yes, it could have been a lot worse. If this is the case, then it's good to see that play.com are not sending the whole customer record (eg billing and delivery addresses, tel numbers, etc) to external suppliers who categorically don't need it.

    Still haven't got an answer from them though :(
  • GustyGardenGalaxyGustyGardenGalaxy Forumite
    688 posts
    Part of the Furniture 500 Posts
    ✭✭
    I wonder what would be the course of action if credit/debit card details had also been leaked?

    Would everyone have had to cancel their cards and get new ones issued?
  • halferhalfer Forumite
    38 posts
    Yeah, almost certainly. Retailers don't usually store the 3-digit security number on the back of the card, but then not all transactions required this, I believe.

    Once (if) play get back to me, I will ask if they will consider a feature to remove credit card details. It's not hard to do, and improves customer trust. And they could probably do with a bit of that at the mo!
  • g33zag33za Forumite
    706 posts
    I wonder what would be the course of action if credit/debit card details had also been leaked?

    Would everyone have had to cancel their cards and get new ones issued?

    Assuming this were to happen the the PCI DSS rules kick in and it means huge fines and I believe they would have to bear the costs of all transactions including all legitimate ones and card replacement costs. Not a situation any company wants to be in.
    ummm...
  • InactiveInactive Forumite
    14.5K posts
    If you want to delete your credit card number, you can replace it with a fake one:
    4111 1111 1111 1111
    Postcode: A1
    Phone number: 0
    And just make something up for everything else.


    Doesn't work, does anybody know how to delete card details?
  • NilremNilrem Forumite
    2.6K posts
    Part of the Furniture 1,000 Posts
    ✭✭✭✭
    Protection Laws of Luxembourg."[/I]
    [/INDENT]I'm not sure a court would agree that passing data to a marketing agency comes within the definition of 'a range of services, including for fraud protection purposes.' Marketing has nothing whatsoever to do with any of the activities listed and their policy can't be interpreted as giving play.com the right to share our data with all and sundry . Far from resolving the issue, all their statement does is confirm their complicity in passing on our email addresses to third parties.

    Oh yeah, and what's with the 'may have been compromised' comment. Do they not yet accept that our data has leaked?

    The "marketing" is almost certainly the company that handles Play's emails/newsletters and competitions - in other words someone Play would be legally allowed to share the info (name/email), as long as it was only used by that company in direct relation to the Play account under Play's instructions.

    It's pretty much exactly what most banks, and large companies do, they outsource certain aspects of the communications to companies who specialise in that job (you don't imagine for one moment your Bank owns the printers that do your bank statements? or prints all those leaflets/loan apps they like to send you in house?;)).
    Normally it's completely transparent to the end user and the company dealing with the data under contract wouldn't be allowed to use it for any other purpose (IE a company doing the emails for retailer A, wouldn't be allowed to use the details for retailer B unless the customer had opted to allow that, and retailer A had said ok).

    As long as (from memory) both the Primary Company (Play) and it's authorised agent (the company that handles it's marketing emails) are registered with the relevant Data Protection authorities, and normal safety procedures are followed (IE the data isn't knowingly misused, and the company takes recognised steps to protect the data*), it's completely legal - and probably safer than having a company who doesn't specialise in that particular field sending out regular news letters (for one thing doing it this way absolutely ensures the only details involved are the email address and name as it will be on a completely separate system to the Play one).

    What it looks like, is basically the Newsletter list has been compromised somehow, which is annoying, but not a major security issue.

    I'm mildly annoyed about it, but I'd rather a third party system got compromised, than the one that holds things like my full address and credit card.


    *And no matter how good those steps are, they aren't always 100% proof - even for banks, or when everything is in house.
  • Nilrem wrote: »

    What it looks like, is basically the Newsletter list has been compromised somehow, which is annoying, but not a major security issue.

    Except that I opted out of the newsletters/competitions/emails/offers etc back in 2009 and have not received an email from them since - so why was my information there?
  • Nilrem wrote: »
    The "marketing" is almost certainly the company that handles Play's emails/newsletters and competitions - in other words someone Play would be legally allowed to share the info (name/email), as long as it was only used by that company in direct relation to the Play account under Play's instructions.

    Is it still legal if it is not covered by the company's own Data Sharing policy (as this isn't)? I understand why they did it - what I don't accept is that the agreement I had with them gives them the right to do it. I am sure you are right that lots of business outsource operations that involve passing on my private data, but I expect them to get my premission for it first. In Play's case, they only asked for (and got) permission to pass on our data in connection with processing transactions, which this isn't.
This discussion has been closed.

Quick links

Essential Money | Who & Where are you? | Work & Benefits | Household and travel | Shopping & Freebies | About MSE | The MoneySavers Arms | Covid-19 & Coronavirus Support