IMPORTANT: Announcement for all members who have purchased GADC merchandise in the past

Dear club members,

The supply and distribution of Grey Arrows merchandise is provided by our partners at Spreadshirt.

We have been contacted by Spreadshirt this evening and have been informed of an active security incident whereby an unauthorised third party may have gained access to parts of their platform (they may have been hacked).

If you have purchased any Grey Arrows Drone Club merchandise we recommend you immediately update your Spreadshirt account and change your password.

The details of the security breach are still unfolding as this is an active incident and Spreadshirt will be updating the following page with details as often as they can:

Please continue to monitor the Spreadshirt web site for further updates.

Both the Grey Arrows Drone Club discussion forum here, and the Drone Scene platform, are unaffected by this issue and your accounts here are still very much safe and secure.

May we take this opportunity to remind you that we offer multi-factor authentication (MFA/2FA) on our forum / Drone Scene too and we recommend you enable the extra security layers where possible.

1 Like

An update from Spreadshirt this morning:

The help page they’re referencing:

Should this topic be automatically deleted in 20 days as some members might not have seen it by then?

Would it also be best to email all members informing them of this data hack

Thanks Wayne, I’ve removed that automated timer for now.

I am assuming Spreadshirt have directly contacted all their customers that have purchased from them, we’re just sharing the info here as a “just in case” and doubling up. Perhaps I am wrongly assuming :thinking:

Could someone could confirm if they’ve heard from Spreadshirt directly?

1 Like

Chances are most have paid by PayPal with no login … so no account details to be hacked. Certainly the case for me.


Funnily … email arrived today.

Since even they can’t retrieve my name from their own records, I reckon I’m safe!


1 Like

Personally I would still email them asking exactly what information of yours was released

The only info they ever had was my name and address … which is pretty much public info.
There was no account
There was no username
There was no password
There was no payment data … other than PayPal which is protected by PayPal’s own security.

The data release was down to there own insecurity and these companies have a duty of care to look after it, these insecurities come down to money, if they had invested more or paid the management less! the site may have been protected better, I, like yourself always use Paypal for these reasons.

But still I would be putting pressure on them to find out how much of my information was released.