"It wasn't our fault" sighs Play.com after security breach

Play.com, which admitted it suffered a data breach, sent out an email update to customers late yesterday evening in which it further washed its hands of irregularities.

It was more than happy to pass the buck to its email service provider, Silverpop. It said that the security update, sent 20th March, regarded bizarre tinkerings in email back in December 2010. At that time last year it said investigations didn’t turn up any evidence that email lists had been downloaded.

The reason for the security alert was because some customers reported spam email to email addresses that they only used for Play.com. Play claims that no sensitive details were pinched – just email addresses. “All the necessary steps” have been taken with Silverpop, it says, to make sure a security breach doesn’t happen again.

Play ends the letter attempting to reassure customers, saying its e-commerce security is one of the most stringent and robust in the industry, and audited several times a year by “leading internet security companies.”

The email, signed by John Perkins CEO but possibly sent out by a mystery prankster through Silverpop ends with another apology saying soz for the spam.

Here’s the memo:

“Dear Customer,
As a follow up to the email we sent you last night, I would like to give you some further details.

On Sunday the 20th of March some customers reported receiving a spam email to email addresses they only use for Play.com. We reacted immediately by informing all our customers of this potential security breach in order for them to take the necessary precautionary steps.

We believe this issue may be related to some irregular activity that was identified in December 2010 at our email service provider, Silverpop. Investigations at the time showed no evidence that any of our customer email addresses had been downloaded. We would like to assure all our customers that the only information communicated to our email service provider was email addresses. Play.com have taken all the necessary steps with Silverpop to ensure a security breach of this nature does not happen again.

We would also like to reassure our customers that all other personal information (i.e. credit cards, addresses, passwords, etc.) are kept in the very secure Play.com environment. Play.com has one of the most stringent internal standards of e-commerce security in the industry. This is audited and tested several times a year by leading internet security companies to ensure this high level of security is maintained.

On behalf of Play.com, I would like to once again apologise to our customers for any inconvenience due to a potential increase in spam that may be caused by this issue .

Best regards,
John Perkins