Hello Colinsunderland,
We’ve not been in touch as there isn’t a lot to say – we've said it before and repeat it with conviction that there has not been any mass “Data Breach” and the insistence of such claim by yourself especially in public forums is defamatory.
Rubbish. That would only be the case if not true.
If you know for certain that your email has been leaked as a result of a breach happening on our platform, we challenge you to come forward with any evidence that you may hold and hopefully if that does indeed reveal that there have been any security incidents then we can place all necessary security resources to the task, involve the authorities and tackle the matter in accordance with best security practices.
You mean like I have already on this thread and also to Matthew in more detail over a year ago? Just to be lied to about things like, 'we have never used sendgrid as a mailing list provider' and then later 'we have only used them for affiliate emails' both of which were lies, weren't they?
Unless and until you are able to do that, the evidence you have is simply circumstantial and your claim that your email has leaked from us is purely speculative and your intentions treated as being malicious.
The leak was from sendgrid, your mailing list provider back then, but you are responsible for the data and informing your customers if required.
If you are really concerned about our information security practices, we encourage you to report the alleged incident to our lead Data Protection Authority and we're happy to deal with the matter with them directly. We've got nothing to be worried about.
Furthermore let us just share with you details of an internal investigation carried out by our ISO certified security team (a security team who secured ISO 27001:2013 and are made up of professionals in information security):
A search on your email addresses has identified that one of your accounts has been used on 8 different breached websites and the other on 3. Perhaps you can make sure that your PC is well protected and check whether 3 years ago it might have actually been your own PC or accounts that were directly affected by an incident. This is information we are able to obtain through publicly available means through some professional know-how. Allow us to encourage you to secure your accounts, change your passwords, use different passwords for different accounts you have and adopt 2 factor authentication.
You mean you typed it into haveibeenpwned? I can assure you, my email address starting with guts@ has ONLY ever been used to register with guts. The fact other breaches have occurred with other companies is neither here nor there. The initial breach came from you, via your mailing list company.
In relation to the incident where basic personal data was shared with you as shown in the screenshot you shared, as you know, that was a human error made which we have apologised for already. The third party whose details were erroneously shared with you, was contacted to inform about the incident immediately and a data breach notification was submitted to the Data Protection Authority (IDPC). The authority has dealt with the matter and the case is closed.
Still a breach, which is my point about how secure people's data is with you. Let's be clear, I was at the time, complaining about your lack of data security. I asked for some information in regard to that, that you then treated as a SAR. Your head of legal then breached data protection by sending me someone else's details. You would think if someone was complaining about a lack of data security, your head of legal (you possibly?) would double check he wasn't doing the exact same thing I was accusing you of?
At that time we also asked you to destroy the evidence that you have and it now appears clear that you have not done so. Therefore you should be reminded that you are in possession of personal information of third parties without consent and this is not covered by the exception of personal and private processing of personal data. Allow us to mention for the benefit of everyone else reading this forum that this matter has been handled in line with best practices.
I didn't because I don't like being given veiled legal threats that have no substance. Next time your staff threaten someone, it might be an idea to check that the threats are actually credible. To be clear, there is no legal reason why I should destroy the information, you know, because I'm not a data controller, which is what I told you at the time.
Could we also remind you that all exchanges via email between yourself and our company are private and confidential. Perhaps we should also remind you that the law applies to you as well and sharing names and details of our employees in public forums without consent may be in breach of regulations.
There you go again with your veiled comments. Which law is that? And I 'may' be in breach of regulations? Surely as the director of legal, you know if I am or not. Which regulations are you talking about?
Therefore, in conclusion to this, there is nothing that we are trying to hide and we urge you to provide all the evidence you may have that your account has been leaked through an incident that we have suffered or were responsible for.
Regards,
Director of Legal
Guts.com
I am more than happy to share the content of our emails on here, which has evidence, along with what has already been posted on the thread. Just to be clear though, I will share the full emails, showing me being lied to and your threats, feel free to post saying if you want me to do that, I have nothing to hide and stand by my previous statements.
Let's also be clear at this point. At no point did I ask you to make a statement on here. Matthew offered to do so once his investigations were complete. That was in June last year. Since then I have heard NOTHING. Not a thing. Despite me sending follow-up emails, which were ignored. Do you think that is acceptable? You quoted my post with that promise in, here it is again in case you missed it:
'Once compiled and accurate and both you and I are comfortable, I would like to update the forum as a whole on the outcomes of some of the legacy claims and any necessary resolutions. Please appreciate I will have to be sensitive to the various regulatory and commercial influences but I see nothing wrong about creating transparency and then being able to move forward with the forum.'
So YOU (GIG) said you would update the forum, not me. There was no pressure or request from me for you to do that, and I was happy for the matter to be resolved privately, and from when Matthew contacted me, I didn't post on here about it any more, until he decided to stop responding and not do what he promised to do. Would you like to explain why Matthew stopped replying to messages, didn't update me any further and hasn't updated the forum as he promised? The only reason I can see for that, is that he found something that backed up what I was saying but didn't want anyone to know.
Funny how you only responded on here after I posted about your dodgy affiliate that you told the forum had had his account terminated, still having his account and promoting you, in breach of the CAP code. But then the fine for that is a lot more than a fine for legacy data breaches, isn't it?
You have my details, if you feel my comments are defamatory then feel free to send a legal notice to me to my address you have on my GUTS account. I look forward to receiving it.
EDIT: Just going to do a quick edit on this point, as I had to double check email history before I posted
Could we also remind you that all exchanges via email between yourself and our company are private and confidential.
Remind me implies that you have already told me this. You haven't, not a single one of your emails has stated private and confidential nor anything similar.
Please don't try to mislead forum members that I am going against a request you have previously made, when you haven't done anything of the sort. Let's also be clear, your emails were not encrypted either, so if you were that concerned about them being completely confidential you should have encrypted them.