Entertainment etailer Play.com is being investigated by the Information Commissioner’s Office (ICO) for a possible breach of the Data Protection Act.
An error resulted in hundreds of the etailer’s customers’ personal details being emailed out to others.
One customer who contacted Retail Week received more than 100 dispatch notification emails destined for other Play.com customers in the early hours of November 6.
Each email detailed a shopper’s name, registered email address, order reference, cost, method of payment and registered delivery address.
An ICO spokesman said: “We have received a small number of complaints regarding Play.com which we are looking into.”
A Play.com spokeswoman said: “Some of our customers were affected due to a technical problem for a short period of time. Each of these customers have since been contacted. We’d like to reassure our customers the cause of the incident has been identified and resolved.”
The customer who contacted Retail Week is worried about the “potential for fraud” as the details sent out could help criminals answer security questions on customers’ accounts, which Play.com based on their name, email and address.
Play.com helplines were said to be jammed as customers reported the error, although the retailer would not reveal how many individuals were affected.
The customer Retail Week spoke to said he received a generic email from the etailer apologising for the error, which “appeared to imply” it was not just him who had received the emails containing customer details. “This is something that I find particularly concerning,” he said.
The ICO spokesman added: “Any organisation which processes personal information must ensure that adequate safeguards are in place to keep that information secure. This is an important principle of the Data Protection Act.
“Failure to protect personal details could lead to information falling into the wrong hands and ultimately the loss of customers’ trust and confidence.”
The Play.com spokeswoman said: “We take these matters very seriously and, following our investigation on how this incident occurred in the first place, we’ve taken the relevant steps to prevent it happening in the future”.