Play.com is hit by a security breach

ONE OF THE LARGEST online retailers in the UK, Play.com has admitted to having suffered a security breach that compromised customer names and email addresses.

In a vague email sent out to customers this morning, Play.com revealed that a company handling part of its marketing had fallen victim to some kind of hack. It didn't name the company involved, claiming that the issue occurred outside of Play.com and no other customer data has been stolen. The INQUIRER has requested more information from the company, and we'll let you know if anything else turns up.

This isn't the first time a problem of this nature has happened at Play.com, which sells stuff like DVDs, games and gadgets online. Back in 2009 customers reported that Play.com sent them emails reporting the dispatch of orders they did not place. This was due to a system error, according to a statement Play.com made at the time.

This time it is a security breach, and according to Trend Micro insecurity researcher Rik Ferguson the fact that a third party suffered the breach does not stop Play.com from falling afoul of the Data Protection Act, as it is responsible for subcontracted third parties. So far, the Information Commissioner's Office hasn't been informed of the breach.

Sophos researcher Carole Theriault made the point that even though Play.com said no credit card information had been stolen, it is wise to keep an eye on your credit card transactions and consider changing your password details. The situation might turn out to be very costly to Play.com. A recent report said that a data breach can cost a UK company an average of £1.9 million. µ