topic Re: Data security in Discussions & Feedback

Data security

Ian128 — Tue, 07 Dec 2021 19:15:59 GMT

How likely is it that some kind of security breach has occurred?

A recent SCAM call had information about me that I seriously consider to be from within O2 itself.

SPECIFICALLY:-

Name, address, D.O.B, email, bank sort code and account number. Also reference to a SIM plan that I had changed back in MAY2021.

Is it normal for this level of disclosure on a call from (allegedly) O2?

Is it normal to be told (I am stopping the call recording) prior to disclosing my bank details?

Is it normal to declare this offer valid only for today?

From the outset I had NO doubts this was a scammer, my issue is with the level of personal data they had and from WHERE IT CAME.

Lets all thrash this out as I need convincing this is not a data leak from within O2.

Re: Data security

MI5 — Tue, 07 Dec 2021 19:28:17 GMT

"Trusted" partners

Re: Data security

Ian128 — Tue, 07 Dec 2021 20:06:38 GMT

Someone quoted "Trusted partners" before. Clearly if that was the case then there is little evidence of a "Code of practice" when discussing personal details. Or indeed turning off the recording.

Still awaiting convincing.

Re: Data security

MI5 — Tue, 07 Dec 2021 20:26:32 GMT

Have you checked your marketing preferences in your MyO2 @Ian128 ?

BTW, I don't intend to "convince" you. That's up to you, but scammers are after your account details so they wouldn't call you if they already had them.

Re: Data security

Ian128 — Tue, 07 Dec 2021 20:38:16 GMT

"scammers are after your account details so they wouldn't call you if they already had them"

whilst that makes perfect sense, they asked for my 16 digit card number (and likely the CVV) something that would allow them to take money from me instantly.

Re: Data security

TR11 — Tue, 11 Jan 2022 14:08:19 GMT

Had the very same conversation (5th attempt since October) regarding a data breach! Like you have stated the caller had far too much information, on the call I received they also knew my billing date and date of DD. But CS said I’m wrong and they’re not at fault

Re: Data security

Bambino — Tue, 11 Jan 2022 14:17:12 GMT

@Ian128, @TR11 You're under no obligation to give any information to anyone who contacts you through a cold call, whether they're a 'trusted partner' or not. In fact, we always advise never talking to anyone who uses cold calling.

Block the number
Don’t give out any information.
O2 advice here:

https://www.o2.co.uk/help/safety-and-security/phishing-and-smishing-advice
https://www.o2.co.uk/help/safety-and-security/unwanted-calls-and-messages
How to block a number:

https://www.samsung.com/us/support/answer/ANS00062352/

https://support.apple.com/en-us/HT201229

Re: Data security

TR11 — Tue, 11 Jan 2022 14:36:54 GMT

I had no need to give my details! The caller had every possible kind of personal details! That sort of information could only be from a data breach!

Ironically I was teaching a class of students GDPR when the call came through.
CS deemed it was me at fault not O2. Abysmal service!
countdown to contract being up, unless ofcom get me out of the contract under Data Breach regulations.

I am sure O2 think their customers are dumb!

Re: Data security

Ian128 — Tue, 11 Jan 2022 14:52:16 GMT

I have submitted a complaint to the ICO with all relevant info. So far nothing posted on this forum has changed my opinion of this being a data breach.

Re: Data security

madasaf1sh — Tue, 11 Jan 2022 14:53:10 GMT

@TR11

Sorry you are talking BS

OfCom will do SFA as this isn't a data breach and OfCom will tell you to go away as they don't deal with consumer complaint you need to go through the resolution process.

The ICO will also not be interested, as you read and signed the T&C's in full knowledge of the terms which include this.

It is not a data breach it is a company who o2 have a formal relationship with and who they unfortunately share customer data with, now when you signed up to o2 you agreed to this little part of the contract.

Now did you or did you not read, sign and agree to these terms and conditions when you signed up to?

If not, then for someone who is teaching GDPR it is about time you did...

Section 6 of the Terms and Conditions

6. How we use your information - We will collect information about how you use our Services and third party services you use in conjunction with our Services, including for example your location and account activity, to enhance your overall experience with us and make it more relevant to you. We may use and analyse your personal details to help us run your Service(s) and account, including for credit checking and fraud prevention. We may share and combine that data and your information with carefully selected third parties for all those same reasons. Your information is treated in accordance with our Privacy Policy, which can be viewed here: o2.co.uk/termsandconditions/privacy-policy.

Re: Data security

TR11 — Tue, 11 Jan 2022 15:19:59 GMT

oh how funny you are! I suggest you update your knowledge.
Data Breach is taken very seriously once raised!

All boxes for 3rd party were unticked.

ICO is next, I have found they are usually more than helpful when contacted.
strange you say that about Ofcom because after speaking with them this morning, they have sent full details for a complaint as they have in the past when there was an issue with BT.
And on another point the number with O2 is only used for family contact and never disclosed to any third party!

O2 does have issues, this thread, I didn’t tick the box to receive an email for a reply to the thread, yet I am getting an email!? Strange that!

The member of staff earlier today along with the other staff I have spoken to since October didn’t know anything regarding current Data protection and one wasn’t aware it had changed in 2018. Seriously when they’re working with confidential data?
about time O2 did some staff training then they may not get such a high staff turnover.
Now Virgin are involved it will only get worse!

Re: Data security

madasaf1sh — Tue, 11 Jan 2022 15:58:52 GMT

I know my knowledge thank you.

OFCOM do not investigate data breaches or individual customer complaints, they will investigate I think it is more than 100, and OFCOM will have shared a bulk complaint.

Data protection - Ofcom

Sales calls - Ofcom

Both point you to the ICO, who are another toothless regulator...

Most frontline staff in 99% of organisations do not understand GDPR or Data Protection, and 99.9999% of the general public don't either to be honest, the only people that do are the Data Protection Officers, and Lawyers.

Maybe if they didn't get abused by members of the public who tell them how to do their job they would have a lower turnover of staff.

My advice contact the Data Protection Officer at o2 (details can be found here) and take it from there you might find they pass it to the ICO themselves..

Requesting your personal data from O2 | Help & Support | O2 Has the email addresses to use.