EE data breach 'led to stalking'
Hey everyone! I was watching the news this morning and they actually discussed this on BBC news, I thought it would be interesting to add!
An EE customer was stalked by her ex-partner who accessed her private information through the company. The worker used his position to access her phone number, address, scanned drivers license (and other documents) and bank details.
Back in February, her phone number and SIM card was corrupted. When contacting EE, customer service explained that her account and phone number had been registered at a new address, the address of her ex. This meant that her ex could receive all private phone calls and text messages sent to her.
I just think its interesting what data EE had access to and how easily her ex-partner could access it. EE apologized for the actions and confirmed that this should not have happened because of the GDPR terms that were put in place last year for customers in the EU. The ex-partner did not have legal authorisation.
What is the point of having terms and conditions to protect our data if they don't actually protect us!
From article (link above):
Hey everyone! I was watching the news this morning and they actually discussed this on BBC news, I thought it would be interesting to add!
An EE customer was stalked by her ex-partner who accessed her private information through the company. The worker used his position to access her phone number, address, scanned drivers license (and other documents) and bank details.
Back in February, her phone number and SIM card was corrupted. When contacting EE, customer service explained that her account and phone number had been registered at a new address, the address of her ex. This meant that her ex could receive all private phone calls and text messages sent to her.
I just think its interesting what data EE had access to and how easily her ex-partner could access it. EE apologized for the actions and confirmed that this should not have happened because of the GDPR terms that were put in place last year for customers in the EU. The ex-partner did not have legal authorisation.
What is the point of having terms and conditions to protect our data if they don't actually protect us!
From article (link above):
"I spent countless hours at the police station and missed days at work," she said. "He had access to everything: my sort code, my account number, a photocopy of my driver's licence."
"It did put me at risk and I feel all customers should know how poorly something like this will be handled if there is a data breach on their account."
"It was a complete breach of trust. I don't trust the way they handled my data at all." An EE spokesman said its own internal policies were not followed in this case.
EE responded,
"This matter has been dealt with internally and the employee involved no longer works for us."
"While we worked quickly to protect Francesca, we apologise for not keeping her informed of the actions that we took during this time."
The Information Commissioner's Office said that under the Data Protection Act and GDPR it was "illegal for individuals to access personal data without authorisation".
It said there was also an obligation for companies to ensure data was managed securely, and protect "against unauthorised or unlawful processing and against accidental loss, destruction or damage". (BBC News)
Comments
Post a Comment