Customers of Play.com have been notified that their personal details may have been compromised as a result of a data breach. According to an email sent to customers this morning, names and email addresses may have been leaked following a security incident at one of the online retailer’s marketing communications suppliers. This follows a media report yesterday that some customers had received spam at email accounts specifically linked to Play.com.
Ross Brewer, vice president and managing director for international markets, LogRhythm, has made the following comments:
"While Play.com reports that only customer names and emails are at risk – and that no credit card or other confidential information was compromised – this incident is a stark reminder that an organisation’s security and reputation is often dependent on the behaviour of third parties. To prevent these embarrassing and costly breaches from occurring, businesses need to prescribe stricter security policies for their outsourcers.
"Few firms monitor the internal workings of their IT infrastructures, so have little idea how hackers roam around the network in search of valuable information. By stipulating that suppliers must deploy log management solutions, organisations can not only gain forensics into how an attack spreads, they can also receive alerts about any suspicious behaviour, enabling them to prevent a damaging breach from happening in the first place.”
News of this incident comes hot on the heels of new research from The Ponemon Institute estimating that the average data breach now costs UK firms £1.9 million. In separate research, conducted by OnePoll in November 2010, 66 percent of UK consumers said they would try to avoid future interactions with companies which had lost their personal data.