just thought i'd post this as a warning to any of you who have DVD pacific accounts that may have purchased anything lately.

Apparently they where hacked and sent out some users this email



i NEVER received this email,had i received it i would have cancelled my c/c details immediately BUT without this knowledge i receive my latest c/c bill only to find an online sale from some company called wbsales.com for $500 (?280) who i had never heard of so i phone up my c/c company up only to find out it was fraudulent and my c/c company tells me it came about from DVD pacific's website being hacked....dvd pacific hacked i say?...surely they would have let me know had that happened?.....apparently not so now i have had to cancel my c/c and get a new one sent out to me but in the meantime i'm stuck without it,thankfully my bank had refunded the funds to my account with no fuss but it still pisses me off that dvd pacific had this problem and completely ignored the issue and in some cases DENIED it happened and never informed EVERYONE about it

Obviously i sent dvd pacific a nice email regarding there complete FUCK UP and total disregard of customers confidential details and request they inform me of the precautions of what they are doing to prevent them fucking up again

anyone else had similar instances or actually receive an email about this?

now you tell me

nope, THEN I told you

you expect me to read every damn thread here :-o next time you find out about fraudulent goings on please make it in BOLD and preferrably LARGE bright red text

Okey-Doke Skip

This is a violation of the data protection act, if they were a uk company they'd be in deep trouble, unfortunately I'm unsure what the US version of this law entails. Could be grounds for prosecution, certainly needs looking at by the ecommerce watchdog (anyone got the contact info?)

That response is totally half-assed anyway:


That sounds like utter bullshit to be honest. Maybe they've purposely dumbed it down for customers but this is totally insignificant. A core requirement of the data protection act is to provide suitable levels of security.

wanna be my lawyer spud? lets see if we can get some freebies as compo

The beauty is, if they do have a form of data protection act, then its a criminal matter, prosecution will be done by the state

this is in there t&c's

These are not valid claims under this circumstance and the guidelines set out under the data protection act, you MUST comply with the rules regarding the safe storage of information on computerised systems if the government of your business location has signed legislation preventing foul play. They can not shift blame to the customer, if the fault is theirs. Those terms and conditions refer to ambiguous data loss, ie. server crash, trojan on your end, network scanning, etc. These are strict governmental regulations that all companies that store information on you must follow. These are not optional in the uk when sensitive information is stored, so if any company claims its not their fault when something happens without you doing anything, they aren't following the data protection act. Currently, the data protection act is signed by most of europe in varying forms, I have no idea if this applies to the US, but given its prominent position in ecommerce and business, then its an almost certainty. If they do not follow the criminal legislation passed by their government, then they are liable to criminal prosecution (ranging from fines to jail time based on severity). Note criminal, its not a civil matter.

Hypothetically, if I set up a company for online sales, and through incompetance or mismanagement (accident, or unavoidable security breaches don't count) allowed sensitive data to be stolen/given out, then I would be in violation of the data protection act. Bunging some half-assed disclaimer that's been copy and pasted from another site doesn't change the breach in criminal law. I would stress that this is only if it comes about from incompetance, or severe failure to keep up with security measures, or of course mismanagement.

As I said, I don't know if the us has any equivalent laws (any civilised country damn well ought to!), but you should report them to the international ecommerce organisation (i forget their name, but they manage fair and secure ecommerce and attack fraudulant or naff companies) and/or relevant data protection organisations if you suspect that they haven't done enough to protect your data.

However, those terms and conditions refer to loss of data such as you having a trojan or somethings not secure that's not their responsability. The problem here is that their security was insufficient to prevent a breach, this was not something that you were directly involved in. The failure is theirs. They did not secure your data, they did not ensure correct security measures were implemented and failed to respond and stop further damage.

It all boils down to if you think it was unavoidable, or if you think there's serious foul play. If its the latter, then reporting them is the relevant action to take.

i'll wait and see what kind of reply (if any) i get to my snotty email i sent em as to what i do next but my guess is they'll just fob me off with some bollocks and make some vain attempt at an apology and that'll be that i had a look around some e commerce data protection site and spotted the Euro countries that have all got the laws in check but found no info regarding the US...maybe they have no idea/care about that kinda thing? but i am in two minds as to whether to use them again if they hold c/c numbers like they do which is a bit of a shitter as up until now the website has been pretty darn good for service and price

I have never and would never use them, shabby website design = shabby company.

Not including me of course... I'm allowed shabby web design cos I'm lazy as hell

at least the sci-fi forum looks nice even if there's no bugger posting there besides the main 10 users

Not true I'm afraid, they are extremely good and their customer service is second to none IMO.

At least they actually put their hands up and admitted there was a breach of security. My credit card details have been with them before the breach and I have never had any hassle. If I did, I'd just get my CC company to charge it back anyway so I don't see what the fuss is about. I will continue to use them as I always have.

got my e-mail from them today




apart from i never did get that email he says i should have received, i got an email stating i had requested password info (which i hadn't) but nothing that went on regarding fraud or there hacked site and to maybe keep an eye on my c/c bill...so what can you do eh? i also got my c/c bill today which actually had another fraudulent transaction for a similar amount (?287)...but i can't pay any of my bill since my card is now in pieces and i'm awaiting my c/c company to get my new one to me minus these fraudulent transactions