More wtrl incompetence - Data Protection

this is getting beyond a joke now with their incompetence, an email sent out this morning containing the emails of a lot of users, I’m assuming it is captains/managers as it was addresses to our team manager and I’ll guess whoever sent it doesn’t know how to use mailchimp correctly for mailing lists.

Is ZHQ going to do anything about taking over the series completely and running it in house rather than out sourcing to a 3rd party after yet another data breach from them? This is the 2nd data breach now in less than 12 months and quite frankly i’m disturbed this sort of thing is going on and ZHQ is not doing anything about it especially after the last time or am i going to get maintenanced again for bringing this up?


WTRL-ZRL is sandbag-central.

Maybe Zwift should bring it under their wing and use CE since this might (eventually) become the default until a points system is (eventually) introduced.

I have been ignoring WTRL since they maintenanced me earlier this year. I wanted to delete my WTRL-account back then, but there didn’t seem to be a way to do that.

Just checked again, still no way of deleting your account with them. I guess 'll just have to retire the email i used for their page…

It went to all ZRL team members by the look of it in batches of 500 users at a time so about 16000 people.

I assume they are working through the various GDPR hoops they should be following now and we’ll get a further update on how it was able to happen and steps they have taken to prevent it in future.

Never mind data protection laws if i was ZHQ the above would be the minimum i’d be asking WTRL.


I’m not a captain/manager (though I have been in the past) and I got the email. Of course it’s entirely on-brand that they would keep my data long after it’s appropriate.

TBH I’m more bothered that they called me Eric :slight_smile:

1 Like

Come on now guys, this is really unfair. One of them claims to be a billion dollar corporation, the other one assured us they don’t make mistakes. I think highlighting these issues is not playing fair.

Lets be honest here, no one could have predicted that a company that previously had data protection issues would repeat the same issue in quite a short space of time down the road.

Lucky we got professional 3rd parties in running the biggest event on zwift - Think about the issues a cowboy outfit would run in to.



Repeat after me, “Everything is working as intended”…


This is terribly disappointing and somewhat disturbing.

That was my primary email address I use for everything personal in my life now at least 498 people have it and god knows who else.

What can be done about this, how do we know our data is secure and safe? I need advice on this one?


Sit back and wait for the flood of e-valentine cards from your secret admirers?


And wait for this thread to be closed???

1 Like

I will only comment to say :-

I am still banned from WTRL facebook groups for raising privacy concerns.

To say anything more would be considered “bullying” and “harassment”.


I just went to “Connections” on - interestingly, there is a way to opt-out of Zwiftpower there, but no way to revoke the authentication given to WTRL even though it seems to be using the same SSO. Strange. So once you have given your consent to WTRL, there is no way to revoke it again? That must be an error on Zwift’s side…

1 Like

yeah I don’t think they reinstated anyone that got maintenanced back to the Facebook page and because its Facebook zwift cant/wont do anything about it

are zwift going to comment on this new data breach at all?

1 Like

Are there any lawyers from the EU here, maybe we have a class action lawsuit on our hands?

you could look through the email list and find one attached to a law firm but if you ask me (not a lawyer) i think this is a non starter

I’m sure you are correct, I have no idea what the rules are for GDPR in the EU… maybe they will get fined?

being a non-eu company probably nothing and very hard to enforce. Zwift on the other hand have EU/Uk presence to should be concerned that all their 3rd parties are following GDPR rules where possible.

it’s a stupid breach and a completely avoidable one too but i doubt anyone is lifting a finger for 16k email addresses, it’s not worth enough money to anyone, both lawyers and criminals. zwift HQ should probably assign someone who knows what the ■■■■ they’re doing to ZRL’s data management team asap however

1 Like

They called me Antonio.

I might adopt it :heart_eyes:


They didn’t use my preferred pronouns and I’ve been told that is an act of violence… now can I sue?