Bleeding Cool has noted Diamond Comic Distributor's campaign to get comic book stores to use their Final Order Cut-Off forms this past week for certain Marvel Comics for the first week in January. These titles weren't on the retailer order form and can now only be ordered through FOC, today. And how around half of stores, as of last week had yet to fill theirs in, and so would be without any copies of Thor #1, Star Wars #1, X-Men #6 and others, as Diamond is the only way comic book stores can order weekly comic books.

Bleeding Cool understands that as part of a series of e-mails sent out by Diamond representatives to comic book stores who had yet to fill in their FOC, that they erroneously included sensitive commercial data, including the address of every single live Diamond account, and their average monthly and yearly order amounts of what is presumed to be their Marvel Comics orders.

Those who received the file were able to compare their own sums with those of other stores, and note a disparity in the market. Certain megastores ordering ten to fifteen times the average store number, with online store DCBS at the very top, closely followed by Midtown Comics who have a number of stores in New York and handle the distribution of Marvel's subscriptions and comp copies to creators. And giving us a total of the amount of direct marked accounts currently ordering from Diamond at 2144, a higher figure than had previously been estimated. That also includes online stores and buying clubs as well as comic book stores, but as with Midtown, some stores order as a collective, split across a number of stores. However, the listing of a number of European direct order stores might also make this leak a breach of GDPR legislation.

Now, this information was distributed to around two hundred stores, and was clearly in error, but it includes some of the more valuable data in the comic book industry, something that Diamond has, understandably, maintained a monopoly over. I understand that Marvel Comics was informed of the leak, and a number of… interesting conversations have been taking place since.

Today, Diamond will be issuing the following statement to all retailers. Personal contact details have been redacted.

On November 22, 2019, a Diamond Retailer Services Representative mistakenly appended an internal reference document to an email that went to approximately 200 retailers. The document contained account contact information and partial sales data for our customer base, including your store's information. Retailers who received the file were notified of the error within one hour and asked to delete the email message and attached file. Diamond Comic Distributors takes such incidents very seriously and will train employees and implement additional security. Furthermore, retailers whose sales figures were included on the attachment will be contacted directly at the email addresses on file. For further information, please contact XXXXX at (443)-XXXXXX or (XXXX@diamondcomics.com). As you may know, Geppi Family Enterprises has begun a technology transformation effort. Data security is a significant component of this effort. This project is being led by our technology consultants and business leaders, ensuring that the data with which we are entrusted is as secure as possible at every level of our organization. We take full responsibility for this error. We appreciate your patience and partnership as we work toward full resolution. Sincerely, Stan Heidmann, President, Geppi Family Enterprises