Cyber attack ‘could not have been prevented’
Saturday 30th July 2011, 3:59PM BST.
Paul Vane, the deputy Data Protection Commissioner.
A CYBER attack on email addresses belonging to customers of a Jersey-based online retailer was almost impossible to prevent, the deputy Data Protection Commissioner has said.
In March this year, Play.com urged customers to be vigilant after their email addresses were stolen in a major security breach.
The breach occurred after hackers attacked a United States-based organisation which handles email marketing on behalf of the Jersey firm.
In a statement released yesterday(FRI), Paul Vane, Jersey’s deputy Data Protection Commissioner, said that the breach was caused by a ‘professional cyber attack’.
See Saturday’s JEP for full story.
Read the full story in the Jersey Evening Post. Click here for subscription details. Individual editions are also available online.
Travel
To, from and around the Island
Airport Arrivals/Departures
Harbours Arrivals/Departures
Bus Information/Timetables
JOIN US ON...
Facebook and Twitter
Follow us on Facebook
Follow us on Twitter
Got a story? Get in touch
KIT 4 CLUBS
Win a share of £10,000
2012 is the year of the London Olympics and to celebrate this great event the Jersey Evening Post, in association with sponsors Ogier is giving all sporting clubs a chance to win a share of £10,000.
This is Jersey
Jersey Evening Post
Useful links
Why were they using an American company for their email marketing? There are UK and Jersey companies which also offer this service.
Furthermore, in the EU/UK exporting personal data outside of the EU in this manner would be against the data protection directive. I know that EU law does not apply here, but following best practice wouldn’t be a bad idea would it?
Report abuse
Could not be prevent???
Rubbish, so what is been said that this can happen again and customers payment and details are still not protected?
Well, I’m removing my details from Play.coms site
Report abuse
caused by a professional cyber attack?
should have employed professional security, eh? Or at the very least checked that the marketers were up to scratch.
Grabbing e-mails seems not to be so hard, though. Yahoo, earlier, this year managed to lose my password, too.
Bottom line: if it’s online it’s available.
Report abuse
B@ll@cks.
As a person who has worked in software development and information security the above shows that the Data Protection Commission know nothing about the technicalities of the subject.
One word – Encryption – if a file is encrypted then the data within it is not accessible or readible.
Basically play.com have done some marketing on the cheap, client data has been stolen and so as not to fall foul and lose their internet licence with pay pal or whoever they have had to be given a clean bill of health by the local regulators.
Cover up and white wash.
Report abuse
To concerned here we have virtually word for word the same law but its the data protection 2005 jersey law. As with the uk data can be exported outside the eea as long as security measures are in place. However as Information security points out above one has to question if they could really say security measures were in place. If our deupty commissioner says it ok as the expert on his own law I’m sure its all fine…..
Report abuse
Bo 2.
Re: “Well, I’m removing my details from Play.coms site”
Bit late, Bo, the hackers already have you.
But try not to worry too much, the worst-case scenario is that the hackers targeted the email server as an outrider to a massive attack on the company’s communication system and its users.
However, it is far more likely that they will simply resell the stolen data to unscrupulous competitor-companies.
So, if I were you, I’d just change my email address. Because, no matter what their intentions, the hackers now have the email addresses of actual users on the network which roughly translated means “easy” access to a treasure trove of confidential information…yours included!
Report abuse
@ 6, maybe I should have written ‘I’m removing my details from Play.coms site, due to their still insecure methods on security. BTW, I stopped using play.com years ago as they are too expensive, they have an old email address of mine.
Information Security @ 4 is correct in their comments, well said.
Report abuse