Online retailer Play.com has blamed email marketing agency Silverpop for the data breach which led to customer names and email addresses being compromised.
The breach, which did not include bank or financial details, triggered a raft of spam to Play.com customers, offering software updates from Adobe but actually linked to sites serving up malware.
The US division of Silverpop was hired by the site in 2008 to manage email marketing and communications. But it maintains the only security issue it had been affected by happened last year, and that it had notified all clients at the time.
“Silverpop was among several technology providers targeted as part of a broader cyber attack that occurred in the autumn of 2010,” said a spokeswoman.
“At that time, we very quickly stopped the attack, notified all customers impacted by the activity and began working with the FBI, law enforcement and third party security experts to help identify those responsible and take any additional steps necessary to ensure this did not happen again. We are confident that the breach last year remains an isolated incident.”
Play.com apologised to users yesterday, but has now issued an official statement from chief executive John Perkins that downplays the issue, claiming: “Play.com has one of the most stringent internal standards of e-commerce security in the industry. This is audited and tested several times a year by leading internet security companies to ensure this high level of security is maintained.
“On behalf of Play.com, I would like to once again apologise to our customers for any inconvenience due to a potential increase in spam that may be caused by this issue.”
Related stories:
Play.com rocked by data breach
£2m clean-up bill for data breach
tut, tut