Viewing 40 posts - 121 through 160 (of 168 total)
  • SUPERSTAR WARNING!!! SUPERSTAR WARNING! PLEASE READ!!!!!!!
  • andyrm
    Free Member

    Not sure why you’re fixating so much wwaswas – it’s been stated on their FB that they are investigating. Sometimes things go wrong. They are investigating with a view to a fix. End of story. Move on.

    edlong
    Free Member

    as porridge and/or massive fine

    Half right – unlimited fines, not prison for accidental breaches, even if blatant negligence is the cause.

    We’ve had an ICO investigation after an accidental DPA breach, it’ll likely come down to what was in place and how seriously the protection of data was taken:

    If they had tried to do things right, had policies in place and processes that should have kept private data private, but something went wrong with them, probably nowt to worry about assuming that the issue is dealt with promptly and capably.

    If they had never given a thought to security of private data, had nothing in place to protect it, no policies or person taking responsibility then problems aplenty from the ICO…

    For the ICO to even take it half seriously though, there would have to be evidence that the breach was likely to cause harm (including distress) to the subjects whose data leaked, it’s not necessarily meeting that threshold just from another cyclist getting a fleeting glimpse at your shopping basket tbh

    grum
    Free Member

    Not sure why you’re fixating so much wwaswas

    Hmmm. The words kettle, pot and black spring to mind. Do you really have no connection with Superstar?

    wwaswas
    Full Member

    Not sure why you’re fixating so much wwaswas

    I’m equally not sure why you’re insisting on posting on and trying to police a thread about an event that didn’t involve you and for which your sole criteria seems to be ‘I rode with him once and he seemed like a nice bloke’?

    Random strangers were presented with my personal details. I feel that saying ‘maybe just buggering off home and ignoring the problem was inappropriate’ is a reasonable stance to take.

    I also note that they are still accepting orders and allowing people to use the site despite now knowing that they are breaching data protection laws. That’s not an ‘outage’ that’s illegal.

    Anyway, perhaps you should move along and let those of us who might feel aggrieved at the approach taken to our personal data air our views?

    mikewsmith
    Free Member

    Not sure why you’re fixating so much wwaswas – it’s been stated on their FB that they are investigating. Sometimes things go wrong. They are investigating with a view to a fix. End of story. Move on.

    Normally when people (I) say that they are (I am) investigating the issue it means I’m still having my breakfast and until I make a second pot of tea would you leave me alone. It could also mean I have no idea how this ****ed up or what has actually happened and pass me another tea and some hob nobs while I make it look like someone else’s fault

    joolsburger
    Free Member

    I was on their website yesterday buying some pads at around lunchtime without a problem. You have obviously had an issue (which in my opinion is a minor one) and have chosen to use that to try and damage someone’s business for some reason.

    Your headline is ridiculously out of proportion and your ongoing comments seem a bit tinfoil hat if you ask me. I can get your name and address out of the phone book.

    I just logged in and there is no problem.

    boblo
    Free Member

    edlong – Member
    For the ICO to even take it half seriously though, there would have to be evidence that the breach was likely to cause harm (including distress) to the subjects whose data leaked, it’s not necessarily meeting that threshold just from another cyclist getting a fleeting glimpse at your shopping basket tbh

    But this isn’t shopping basket data is it? It’s personal data (names, addresses, phone numbers). The fault was found yesterday at 16:00? and the site is still up. ‘Normally’ the site would be taken offline and a maintenance page put up whilst it’s sorted. That would be regarded as reasonable action. Ignoring it and continuing to trade is not.

    andyrm
    Free Member

    Grum – absolutely not mate, I just hate seeing these kind of lynchings, especially when a lot of the thread content seems to be driven by an old grudge for what some perceive to have been a slight against STW some time back. I might be accused of being a bit of a devil’s advocate in this thread perhaps – but just presenting a point of view that I hold, given I work in an industry that has to be on the receiving end of customers’ online complaints, and having seen people getting disproportionately upset.

    Oh and I just put an order through, so if anyone sees my details pop up for 2 x 4 packs of Kevlar pads (one bundle for Saint/Zee and one bundle for Avid), a Flatland 780 bar and a 183-203 F brake adaptor going to Bristol, that’s me. Oh and the address is for my office in case any of you are burglars hoping to rob all my bikes! 😉

    Anyway, perhaps you should move along and let those of us who might feel aggrieved at the approach taken to our personal data air our views?

    We’re going to have to disagree here. I’m not for one second saying you are wrong for being aggrieved. I am however saying that some of the responses on this thread do seem disproportionately emotionally loaded and worried. I’d expect someone to be able to accept (as I do) that there might be another point of view than my own. Just saying.

    wwaswas
    Full Member

    I’d expect someone to be able to accept (as I do) that there might be another point of view than my own

    but you still type;

    End of story. Move on.

    as if your view is the only valid one.

    tbh, I am a bit pee’d off that other people saw my details but I’m not overly concerned about it as a one off event. I was probably as annoyed by the OP putting my name in the thread.

    I am concerned that there may be security issues with his software beyond what we’ve seen that would allow a more directed attack to deliver significant quantities of personal data to those choosing to do it.

    I don’t feel I’ve been over emotional or disproportionally upset but, equally, I’m not just going to stop posting on a thread because someone unconnected with the business says ‘they’ve made a statement on facebook so it’s all over now’

    If those who feel this thread is too much stopped posting I suspect discussion would die down and it would drift off the front page.

    soobalias
    Free Member

    why does andyrm refer to him/herself in the third person?

    SSC have history and it’s not glorious

    this thread was best summed up by “i once vowed never to use them again but got sucked in by a bargain”

    andyrim – take heart, the bargain basement marketing ploy worked. suggest you add the IT systems to the long list of stuff needing fixed.

    chvck
    Free Member

    It seems to me that user session data is getting “leaked” to other users (as mikewsmith mentioned), not sure how that’d happened unless it’s cache related which would be backed up by cheap dropper posts = higher load and has actually been a bug all along but only now been detected.

    IMO the site should have been taken down when the bug was reported by multiple users and stayed down until fixed. If I’m correct then I’m not actually sure what else superstar could have done as it’ll be a bug in software, they certainly should have knocked the site down though.

    FWIW I’ve just ordered a pair of grips from them anyway…

    andyrm
    Free Member

    why does andyrm refer to him/herself in the third person?

    SSC have history and it’s not glorious

    this thread was best summed up by “i once vowed never to use them again but got sucked in by a bargain”

    andyrim – take heart, the bargain basement marketing ploy worked. suggest you add the IT systems to the long list of stuff needing fixed.

    soobalias – I suggest you speak to Drain off here (link to his profile: http://singletrackworld.com/forum/profile/drain ) who I am sure will be happy to confirm that when he met me in person at Bristol Temple Meads to pick up some brakes, I was me, not Neil from Superstar, and that the payment details he used to pay me for the Maguras were in my name, not someone else’s. Good attempt though, but next time, try and make accusations that are factually correct 🙂

    edlong
    Free Member

    But this isn’t shopping basket data is it? It’s personal data (names, addresses, phone numbers). The fault was found yesterday at 16:00? and the site is still up. ‘Normally’ the site would be taken offline and a maintenance page put up whilst it’s sorted. That would be regarded as reasonable action. Ignoring it and continuing to trade is not.

    Names and addresses are not sensitive personal information. In fact, the ICO gives this as a specific example of something that is NOT reportable as it doesn’t contain sensitive personal information. Add in NI numbers, dates of birth or similar, then you’ve got a serious breach of the DPA that needs to be reported to and investigated by the ICO, but if it’s names, addresses and phone numbers only then it really doesn’t meet the threshold, in fact for anyone who’s not ex-directory, it’s public domain already (the phone book).

    While a bit embarrassing for SS, those of you getting in a froth about the DPA, massive fines and talk of imprisonment need to calm down, acquaint yourself with how the ICO / DPA actually work (the ICO website is really helpful) and stop trying to equate this with serious losses of sensitive personal information, which it clearly isn’t.

    As a bit of perspective, I was involved with an ICO case where an organisation had lost a laptop, which was not effectively secured, and the hard drive of which contained information about individuals which included sensitive medical information. They had things in place that should have prevented the data being accessible, but those things didn’t work in that instance due to a combination of factors, and they took prompt and reasonable action to manage the incident. The ICO took no action.

    boblo
    Free Member

    Did the lappie have a remote self destruct button? 🙂

    mikewsmith
    Free Member

    we had one of those ed. I found out who security had to tell and made sure nothing ever left my sight ever again 🙂

    My worry was more that the info presented was the symptom of something worse. The assumption was that it was to do with the e-mail but there is always a chance of hacking. Hence why suggesting the site should have been taken down.

    ThePinkster
    Full Member

    Jeez, just started reading this thread and thought for a moment it was going to say Superstar had run out of Haribo’s!!!

    Panic over.

    Holyzeus
    Free Member

    Jeez, just started reading this thread and thought for a moment it was going to say Superstar had run out of Haribo’s!!!
    Panic over.

    🙂

    Gary_M
    Free Member

    I think they may have. A set of superstar canti pads arrived today – no hairybaws

    zangolin
    Free Member

    As my dad found out recently all that the scum out there need is a name, address and telephone number to acquire a mobile phone from Vodafone.
    So although it might not look serious it is.

    Phone book, directory enquiries?

    PeterPoddy
    Free Member

    Random strangers were presented with my personal details

    What personal details are these exactly?
    Name and address? Anything more than that?

    If it was just name and address I can’t see the problem. My postman sees mine every day.

    kcr
    Free Member

    Can’t comment on ICO compliance, but in terms of best practice, any organisation that I have worked for would regard displaying customer details to the wrong customer as a very serious incident.
    I have always been advised that any data that uniquely identifies an individual is potentially sensitive. So a name on its own, no problem. Name with address, potential issue.

    “Oh, I can see Mr Smith of 10 Main Street is buying a dropper post and a load of disk pads. Hmm. I wonder what Mr Smith might have in his garage at 10 Main Street?”
    Not sensitive?

    Sure, your postie sees your Wiggle boxes being delivered, but there will be processes in place to mitigate that risk. I’m not suggesting that the company in this incident has been negligent. Things go wrong, and I’m sure they are doing their best to fix the problem (and may already have done so). Showing customer details to the wrong customer is still a serious incident for any company that takes its reputation seriously.

    unklehomered
    Free Member

    The simple fact of it is that “Mr Smith lives at wherever” isn’t sensitive. But the clincher is that Mr Smith who lives here, has bought things from This Shop. That becomes ‘Sensitive’. Even before email addresses and phone numbers are disclosed. Basic notion being one rule must fit all in such scenarios, and so there can be no difference in law if Mr Smith has bought brake pads and a dropper from superstar or he has bought a blow up doll, 4 butt plugs, an SS uniform and some poppers from Loveitupyourarse.co.uk – revealing either of these is viewed the same way, so as to protect against any judgement of what is or isn’t shameful/proper etc. To be honest that is fair enough. Mr Smith has the right to put kevlar pads up his bottom in the privacy of his own room before donning his ss uniform and shredding the local woods.
    It is not the information that is bad, but the fact that the origin of it reveals information about the person.
    It hasn’t stopped me from buying SS today. Though I do limit what I buy from SS based on the fact I’m yet to hear of one uncontested warranty claim – ever.
    I do also suspect it is this and other similar things that result in such witch hunt subtexts to threads.
    Hope have (as has been shown on these pages) a lot of warranty claims, but then they sell a lot of stuff, only they know the true figures behind it, but they deal with warranties in a way that has people singing their praises. But they also are not a budget brand, and aren’t so close to the bottom line as I imagine SS operate at so maybe a more lenient attitude doesn’t threaten the business and they feel they can take the longer view.

    Not sure what my point is, other than, “Sings and Roundabouts, init”.

    stavromuller
    Free Member

    Tried loveitupyourarse.co.uk but got nothing

    unklehomered
    Free Member

    Like I’m actually going to infringe my own privacy and tell you where I buy my double penetration masochistic threesome dolls and animal sounds tapes…

    robwms
    Free Member

    Well, for what it’s worth, Neil/Superstar have been in contact a few times today, basically they/he seems to think it’s a small minority of people from a short period of overloading on their website. As many people have pointed out including Neil/Superstar many of the details may be available in the public domain…

    However, I stand by my initial distress and confusion as to what was actually happening to my details, the extent of which I (being a non IT/Banking technical expert – unlike many of the quite unsavoury keyboard warriors on here.) had no idea.

    I also would like to point out I have NO problem with Superstar (hence being on the site in the first place to actually buy something – or did that slip your oh so big minds!) I do not work in the cycling industry at all and never have done. I DO have a problem with any company bar none who have a security breach for whatever reason resulting in my data being leaked when it was left in good faith – see the DATA PROTECTION ACT!

    To all the people who I see/read on here who have become offensive with regards to OTHER people’s data being sent around. Why don’t you post your Names and addresses, phone numbers and emails and any other details for the world to see.

    No.

    I didn’t think so.

    Now I shall return to just riding my bike. I knew there was a reason I didn’t “log in” very much.

    Hope to never see a few of you on the trails. I’m sure the feeling will be mutual. I apologise to the named person, never meant to cause you distress either, just to inform you/ others. Over. 😐

    MrSmith
    Free Member

    FYI I have never bought anything from superstar components and am unlikely to buy anything from superstar components in the future so please do not suggest otherwise.
    Thanks.

    mikewsmith
    Free Member

    Mr Smith has bought brake pads and a dropper from superstar or he has bought a blow up doll, 4 butt plugs, an SS uniform and some poppers from Loveitupyourarse.co.uk

    I am also distressed that my internet shopping history is being thrown around here like this. I did buy brake pads from them and they were rubbish, I am ashamed.

    Aidy
    Free Member

    Well, for what it’s worth, Neil/Superstar have been in contact a few times today, basically they/he seems to think it’s a small minority of people from a short period of overloading on their website.

    Has he stated that he intends to investigate/fix the problem?

    jonba
    Free Member

    Yes but that was way back on page 2. You may have missed it in the outrage.

    unklehomered
    Free Member

    HOW DARE YOU MISS IT IN THE OUTRAGE! THAT’S OUTRAGEOUS! APOLOGISE!

    andyrm
    Free Member

    ROYAL MAIL WARNING! ROYAL MAIL WARNING! PLEASE READ!!!!!

    Very disturbed to report that when I got home from work, I had SEVEN letters on my doormat. This means that not only do Royal Mail have my personal details (name & address), but in a few cases, because of sender addresses being on the back, THEY KNOW WHO IT WAS FROM! Firstly, who do I complain to? Secondly, I need to warn all of STW that Royal Mail possibly have your details too.

    To further compound the issue, the postman* has seen me on my bike at least once recently. This means that not only does he know where I live, he also knows my name and that I have a bike. What are my rights?

    *note: he was struggling a bit with the weight of his post bag so I also would like to warn all of STW that he is clearly “not fit for purpose”.

    wwaswas
    Full Member

    So you’re happy to put your name, home address and phone number on this thread to prove it’s not a problem for people to know it?

    Also, for someone who wants this to go away you seem to be bumping the thread on a regular basis?

    It’s yesterday’s news now, anyway, and as someone familiar to you posted earlier.

    End of story. Move on.

    andyrm
    Free Member

    Waswas – here you go! I’m not worried, it’s out in the public domain anyways.

    Andy Nelson
    44 Stevens Crescent
    Totterdown
    Bristol
    BS3 4UJ

    And I thought the last couple of comments before mine were pretty funny, hence replying. Sorry for any offence caused by replying with a little bit of humour 🙂

    mikewsmith
    Free Member


    AndyRM earlier

    RM is that the Royal Mail, were you the postman do you deliver your own letters..

    Anyway those who don’t care that your name, address, phone number and e-mail were shown to others paste them here now.

    Also as the issue wasn’t resolved very quickly what other security holes were opened?

    johnellison
    Free Member

    Hope to never see a few of you on the trails. I’m sure the feeling will be mutual. I apologise to the named person, never meant to cause you distress either, just to inform you/ others. Over.

    ^^^Flounce!!

    andyrm
    Free Member

    RM is that the Royal Mail, were you the postman do you deliver your own letters..

    I’m definitely not a postman.

    Still I am quite chuffed to have been implied to be both a bike part manufacturer boss and also a postman in 24 hours. If only there were enough hours in the day 😀

    boblo
    Free Member

    And I thought you were just an opinionated pseudo expert on data collection/sharing/protection and sometime enthusiastic defender of Fruit and his empire.

    Now if Fruit were really good at customer service, he’d come here and explain what went on and what he’s done to ensure it’s fixed and never happens again.

    Dismiss it all you like, sharing data like this is not what competent, professional organisations seek to do.

    wwaswas
    Full Member

    no phone number or email Andy?

    Mark
    Full Member

    Who paints their house turquoise?

    😉

    wwaswas
    Full Member

    the wall ties need some attention too – cracks in those places probably mean there’s a bit of movement.


The topic ‘SUPERSTAR WARNING!!! SUPERSTAR WARNING! PLEASE READ!!!!!!!’ is closed to new replies.