Entertainment etailer Play.com has suffered a possible security breach after customers complained of receiving spam emails to addresses only used for transactions on its site.

Play.com admitted some of its customers’ personal details may have been compromised and emailed them to warn of the breach, advising them not to reveal any financial details on email.

The Information Commissioner’s Office (ICO) said it was monitoring the situation.

Play.com chief executive John Perkins said: “We believe this issue may be related to some irregular activity that was identified in December 2010 at our email service provider. We reacted immediately by informing all our customers of this potential security breach in order for them to take the necessary precautionary steps.”

Play.com has been in hot water with the ICO before, and was investigated for a similar possible breach of the Data Protection Act in 2009. In this case, the ICO is working in conjunction with the Jersey Data Protection Commission (JDPC) as the Play.com registered office is in the Channel Islands.

JDPC said it was happy with the etailer’s proactive response, but is “investigating how Play was dealing with it and how they are reassuring the customer”.

The etailer said it believed no financial or personal details to have been exposed, other than email addresses. Play.com said it had taken steps with its email service provider Silverpop to ensure no further breaches occur.