
My O2 account was hacked!

Anonymous
Not applicable
A couple of weeks ago I received an odd text from O2 informing me that I can upgrade my handset in September 2013. Now, I have a sim-only contract and haven't had a new handset from O2 in a number of years but I knew my contract was due to expire some time in late September so I checked my O2 account online. It seems that I now have a new tariff of £36 a month, which I knew nothing about and checking on down the page I spotted a completed order which turned out to be for an iPhone 4. Naturally I hadn't placed this. The Yodel tracking number revealed that it had been delivered to an address that wasn't mine the previous day.
I called O2 and discovered that my security question had been changed along with my home address and e-mail address. Someone had clearly managed to access my O2 account online and ordered himself a phone at my expense. Since the user name and password are known only to me, either O2's site security is extremely poor or someone inside O2 has accessed my information. Either way, I'm not impressed.
The customer service adviser was very helpful and promised that the fraud department would investigate and call me. However, eight days later I have heard no word from them and in the meantime I can do nothing about changing my contract while there is an issue with my account. I was planning to get a new phone, possibly the new iPhone when it comes out, but now I'm very concerned about O2's security. I've been with them for over ten years but I'm seriously considering whether I want to continue with them now.
The only piece of good news is that the phone was delivered one day and blacklisted the next.
Has anyone else had this happen? If so, how did O2 handle it?
Message 1 of 343

Anonymous
Not applicable
O2 are actually making their security process stricter for customers calling in.
Within the next few weeks, you'll be asked for characters of your password, instead of the whole thing, similar to when you call the bank, e.g.:
Your password is: Canada75
You're asked for characters 2, 3 and 6
You'd give the agent a, n and a which they will input and if correct will allow them to access your account.
Message 21 of 343

Anonymous
Not applicable
I know it's not policy, unfortunately though it is happening, even in cases where external access to details has been virtually impossible.
I hope it's as rare as you believe it to be.


It's all relative perksie, even if it was 0.5% of the customer base it would affect 120,000 customers, I only hope it's much less than that.
Message 22 of 343

perksie
Well it's good to hear they're tightening up and taking these events seriously.
The last time I phoned in on the 3rd November I was asked if I had a password, replied "Yes" and was then put straight through to deal with my account issue with nothing else asked for, no security question, nothing, other than my name and phone number.
It's only relative when it happens to someone else! :mansurprised:
To support Disasters Emergency Committee: http://www.dec.org.uk/appeals text Nepal to 70000 to send £5

Sky Unlimited Broadband - Windows 10 - Nexus 4 Android 5.1.1
Message 23 of 343

Anonymous
Not applicable
O2 are actually making their security process stricter for customers calling in.
Within the next few weeks, you'll be asked for characters of your password, instead of the whole thing, similar to when you call the bank, e.g.:
Your password is: Canada75
You're asked for characters 2, 3 and 6
You'd give the agent a, n and a which they will input and if correct will allow them to access your account.

That is really welcome news. I trust that this means the call-taker won't know the full password then? My bank does that and I feel very safe with it. Hopefully you get 3 attempts and then you're forwarded to fraud for verification.
Ironically I had actually set up a similar system back in July this year. I contacted fraud and we established a new password, again, and it was agreed that I would only be asked random letters from it. A call to O2 yesterday revealed that my word has yet again been changed and the letter idea removed.
Reinforcing previous posts as well, yesterday's encounter actually had the agent spoon-feed me the answer by telling me the question. This is despite my account notes being littered with fraud-team entries.
So I welcome any tightening of security O2 can put together; currently their system seems way too easy to get past.
Unfortunately it won't get my personal data back but hopefully others will be spared my experience.


Message 24 of 343

Anonymous
Not applicable
O2 are actually making their security process stricter for customers calling in.
Within the next few weeks, you'll be asked for characters of your password, instead of the whole thing, similar to when you call the bank, e.g.:
Your password is: Canada75
You're asked for characters 2, 3 and 6
You'd give the agent a, n and a which they will input and if correct will allow them to access your account.

That is really welcome news. I trust that this means the call-taker won't know the full password then? My bank does that and I feel very safe with it. Hopefully you get 3 attempts and then you're forwarded to fraud for verification.

Nope, most likely they will still see the password, it's just what they ask for that changes. When it is a number style security system then it's usual that the operator can't see the numbers and has to enter what the customer says and see if it's correct. But, a word style system usually just shows the operator the password and they choose two characters to ask for.
It's highly unlikely that they are changing the computer security programme they have, more likely just changing the wording of the security scripting.
Message 25 of 343
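
Added example (not part of the thread, and not O2's actual system): a sketch of the "number style" design described in the post above, applied to a word password, where the agent console receives only the positions to ask for and a pass/fail verdict, with the three-attempt lockout suggested earlier in the thread. The class name, account identifier and HMAC-per-position storage scheme are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

MAX_ATTEMPTS = 3  # then the account is locked and handed to the fraud team

class PartialPasswordVerifier:
    """Checks chosen characters; the agent sees only positions and a verdict."""

    def __init__(self, server_key: bytes):
        # Assumption: the key is held in an HSM/KMS, apart from the records.
        # One character has little entropy, so the tags are only as secret as it.
        self._key = server_key
        self._records = {}

    def _tag(self, salt: bytes, pos: int, char: str) -> bytes:
        msg = salt + pos.to_bytes(2, "big") + char.encode("utf-8")
        return hmac.new(self._key, msg, hashlib.sha256).digest()

    def enroll(self, account: str, password: str) -> None:
        salt = secrets.token_bytes(16)
        tags = [self._tag(salt, i, c) for i, c in enumerate(password, start=1)]
        self._records[account] = {"salt": salt, "tags": tags, "pending": None,
                                  "failures": 0, "locked": False}

    def challenge(self, account: str, count: int = 3) -> list:
        """Server picks the 1-based positions, so the caller cannot choose them."""
        rec = self._records[account]
        positions = range(1, len(rec["tags"]) + 1)
        rec["pending"] = sorted(secrets.SystemRandom().sample(positions, count))
        return rec["pending"]

    def verify(self, account: str, answers: dict) -> str:
        """answers maps position -> character relayed by the agent."""
        rec = self._records[account]
        if rec["locked"]:
            return "locked"
        pending, rec["pending"] = rec["pending"], None  # one try per challenge
        ok = pending is not None and sorted(answers) == pending
        if ok:
            for pos in pending:  # check every position, constant-time compare
                expected = rec["tags"][pos - 1]
                ok &= hmac.compare_digest(expected, self._tag(rec["salt"], pos, answers[pos]))
        if ok:
            rec["failures"] = 0
            return "pass"
        rec["failures"] += 1
        rec["locked"] = rec["failures"] >= MAX_ATTEMPTS
        return "locked" if rec["locked"] else "fail"
```

With the thread's example, enrolling `Canada75` and being challenged on positions 2, 3 and 6 passes only for `a`, `n`, `a`; the plaintext password is never stored or displayed.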

Anonymous
Not applicable
It isn't policy to allow this kind of access though. O2 has a rigid data protection policy.
O2 most definitely do not have a 'rigid data protection policy' and no changes are being made any time soon. I know this as I have discussed my case with someone high up in Matthew Key's department, he is the CEO, ####
Instead of o2 spending money setting up a Fraud Department perhaps the money would have been better spent on installing new security systems to avoid the number of people having new phones fraudulently ordered against their account. My account was used fraudulently by telephone so nothing to do with any security measures that I use at home.
It is disgraceful that large companies like this feel they can get away with this disgraceful lack of care over personal information and I want to try and get a group together to sue o2 for breach of the Data Protection Act and may try to set something up through Facebook to do this. There are very large fines for breach of this act and maybe o2 will then take notice that they MUST do something immediately - something that would be oh so simple to do yet they still haven't acted.
I don't want to change from o2 as my reason for going to them was they have call centres in the UK and before this incident I was very happy with the service I had received but, on principle, I have to change provider.
I don't believe this hacking is anything to do with upgrade dates as I am on their Simplicity plan which does not give you an upgrade date.
With regard to the addresses the phones are ordered for it turns out the people at the address may be completely innocent as the fraudsters pick an address and then hang around watching for a delivery driver, when they turn up they rush up to them and ask them if they are making a delivery to that house and make an excuse as to why they are not inside, sign for and take the phone. The delivery guys should be made to actually call at the house to deliver the phone not pass it to someone who blags it in the street!! I also know someone who was on the other end of this scam - they were the one at the address that the phone was delivered to! They returned the phone to o2 but guess what - they sent it out again!
So all in all - o2 DO NOT have strict policies in place and if the frauds were the result of 'lazy operatives' if they had a lock out system in place the 'lazy operatives' could not be at fault. But until they install such systems this will continue. As I've said before - if the credit card companies can do it WHY can't o2.
Message 26 of 343

sheepdog
I can assure you that the credit companies do not have failsafe fraud systems. I personally have been the victim of card fraud and my bank's response was to increase my limit which in turn added to the amount of fraud...
But you are missing the point - it doesn't matter what kind of systems you have in place (someone will moan) it's the culture and attitude ingrained by reinforced training that will have more benefits than implementing a new IT system.
Though I have to point out a big flaw in most people's arguments here: you're using social networking sites like Facebook which require you to enter sensitive details. Online security of these sites is notoriously bad and it's not hard to extrapolate sufficient info to exploit just by browsing through let alone hack accounts.
What most people don't realise is that these sites are based abroad, your data is not protected in the same way. It may be in the T&C's of the site but there's no point in moaning at companies if the end user is willing to give away their info to someone else.
Message 27 of 343

Anonymous
Not applicable
Sheepdog - actually I DON'T use Facebook! I suggested it as a method of contacting other people in the same position as myself.
It is you who is 'missing the point' - my account was hacked over the telephone and not internet and I am not 'willing' to give my information to anyone else.
Also whilst you may have had a bad credit card experience, I had a very good one with M&S who locked my account out immediately there was a transaction outside my usual spending pattern.
I have also discussed my case at length with o2 and know suggestions to improve security are being discussed but unfortunately not actioned so I do know their systems could and should be improved to lessen the likelihood of this happening.
Message 28 of 343

sheepdog
Actually I haven't missed the point at all. As I have to work with sensitive data I, and my work colleagues, are subjected to strict conditions and yet I still come across incidents where breaches occur inadvertently. Even with training and regular reminders plus good IT systems it still happens. It's still going to come down to vigilance of the employee and the customer to minimise that risk.
Message 29 of 343

Anonymous
Not applicable

O2 most definitely do not have a 'rigid data protection policy' and no changes are being made any time soon.

You're actually 100% wrong on both counts here, completely incorrect.
You have also completely ignored my previous post regarding the new DPA process being launched in the very near future which is based on 'bank' style security, proof that your post regarding 'no changes being made anytime soon' is incorrect...did you even read the whole thread before posting or just start bashing out your reply?
Message 30 of 343