Spam from "GSN" to e-mail address registered on Play.com
Comments
-
Heh heh, very good! :rotfl:dragonmeat wrote: »Phew - I was worried for a moment that my personal details had been lost, whereas in reality all that's happened is that my personal details have been lost.0 -
If you look at the thread on GSN, it looks like they are also investigating - remember there are a bunch of annoyed users who've received the same spam, but who have never been play.com customers. It'll be interesting to see what they come up with.0
-
Yes, it could have been a lot worse. If this is the case, then it's good to see that play.com are not sending the whole customer record (eg billing and delivery addresses, tel numbers, etc) to external suppliers who categorically don't need it.GustyGardenGalaxy wrote: »Well, if it's only our names and email addresses then I can handle that - I get enough spam as it is, a bit more is unlikely to be noticed. However, that's just me - this is going to be decidedly inconvenient for some who rarely get any spam.
Still haven't got an answer from them though
0 -
I wonder what would be the course of action if credit/debit card details had also been leaked?
Would everyone have had to cancel their cards and get new ones issued?0 -
Yeah, almost certainly. Retailers don't usually store the 3-digit security number on the back of the card, but then not all transactions required this, I believe.
Once (if) play get back to me, I will ask if they will consider a feature to remove credit card details. It's not hard to do, and improves customer trust. And they could probably do with a bit of that at the mo!0 -
GustyGardenGalaxy wrote: »I wonder what would be the course of action if credit/debit card details had also been leaked?
Would everyone have had to cancel their cards and get new ones issued?
Assuming this were to happen the the PCI DSS rules kick in and it means huge fines and I believe they would have to bear the costs of all transactions including all legitimate ones and card replacement costs. Not a situation any company wants to be in.ummm...0 -
VariousArtists wrote: »If you want to delete your credit card number, you can replace it with a fake one:
4111 1111 1111 1111
Postcode: A1
Phone number: 0
And just make something up for everything else.
Doesn't work, does anybody know how to delete card details?0 -
Internet_Pawn wrote: »Protection Laws of Luxembourg."[/I]
[/INDENT]I'm not sure a court would agree that passing data to a marketing agency comes within the definition of 'a range of services, including for fraud protection purposes.' Marketing has nothing whatsoever to do with any of the activities listed and their policy can't be interpreted as giving play.com the right to share our data with all and sundry . Far from resolving the issue, all their statement does is confirm their complicity in passing on our email addresses to third parties.
Oh yeah, and what's with the 'may have been compromised' comment. Do they not yet accept that our data has leaked?
The "marketing" is almost certainly the company that handles Play's emails/newsletters and competitions - in other words someone Play would be legally allowed to share the info (name/email), as long as it was only used by that company in direct relation to the Play account under Play's instructions.
It's pretty much exactly what most banks, and large companies do, they outsource certain aspects of the communications to companies who specialise in that job (you don't imagine for one moment your Bank owns the printers that do your bank statements? or prints all those leaflets/loan apps they like to send you in house?;)).
Normally it's completely transparent to the end user and the company dealing with the data under contract wouldn't be allowed to use it for any other purpose (IE a company doing the emails for retailer A, wouldn't be allowed to use the details for retailer B unless the customer had opted to allow that, and retailer A had said ok).
As long as (from memory) both the Primary Company (Play) and it's authorised agent (the company that handles it's marketing emails) are registered with the relevant Data Protection authorities, and normal safety procedures are followed (IE the data isn't knowingly misused, and the company takes recognised steps to protect the data*), it's completely legal - and probably safer than having a company who doesn't specialise in that particular field sending out regular news letters (for one thing doing it this way absolutely ensures the only details involved are the email address and name as it will be on a completely separate system to the Play one).
What it looks like, is basically the Newsletter list has been compromised somehow, which is annoying, but not a major security issue.
I'm mildly annoyed about it, but I'd rather a third party system got compromised, than the one that holds things like my full address and credit card.
*And no matter how good those steps are, they aren't always 100% proof - even for banks, or when everything is in house.0 -
What it looks like, is basically the Newsletter list has been compromised somehow, which is annoying, but not a major security issue.
Except that I opted out of the newsletters/competitions/emails/offers etc back in 2009 and have not received an email from them since - so why was my information there?0 -
The "marketing" is almost certainly the company that handles Play's emails/newsletters and competitions - in other words someone Play would be legally allowed to share the info (name/email), as long as it was only used by that company in direct relation to the Play account under Play's instructions.
Is it still legal if it is not covered by the company's own Data Sharing policy (as this isn't)? I understand why they did it - what I don't accept is that the agreement I had with them gives them the right to do it. I am sure you are right that lots of business outsource operations that involve passing on my private data, but I expect them to get my premission for it first. In Play's case, they only asked for (and got) permission to pass on our data in connection with processing transactions, which this isn't.0
This discussion has been closed.
Categories
- All Categories
- 343.1K Banking & Borrowing
- 250.1K Reduce Debt & Boost Income
- 449.7K Spending & Discounts
- 235.2K Work, Benefits & Business
- 607.8K Mortgages, Homes & Bills
- 173K Life & Family
- 247.8K Travel & Transport
- 1.5M Hobbies & Leisure
- 15.9K Discuss & Feedback
- 15.1K Coronavirus Support Boards