23-01-2015 19:21 - edited 23-01-2015 19:22
on 07-02-2015 19:58
@Beenherebefore wrote:
@Cleoriff wrote:
@Beenherebefore wrote: I agree but ICO will not look upon O2 as having released the data if a 3rd party was hacked.
I believe that's why O2 have phrased their statements as they have. Also probably explains why O2 have notified ICO "out of courtesy" because although it involved their customers' data, O2 did not release it.
Sorry to disagree here but I will, purely on a matter of principle. I didn't sign up with anyone else but O2... Therefore if my secure details have been released by whatever means... it is O2 I would be holding responsible
You obviously missed the bit in red above
No I didn't miss it at all @Beenherebefore In fact it was that part I was specifically responding to.
Regardless of what the ICO or other bodies 'state' I stubbornly remain of the opinion that O2 are responsible. They had my data. I only gave it to them. I did not give them permission to share it with anyone else. Therefore blah blah blah....case closed.....
You can think me naive if you wish. ....:smileywink:
Veritas Numquam Perit
on 07-02-2015 20:05
on 07-02-2015 20:12
To be honest, I know that @Beenherebefore has far more knowledge than I could ever aspire to have... in relation to business and their practices.......That being so ....I still will fight my lone corner
Veritas Numquam Perit
on 08-02-2015 10:00
The point I am making is that each organisation is responsible (under DPA) for its own data security even that data supplied to them legitimately in the course of normal commercial business by another organisation.
No doubt the O2 data was shared with other O2 partners but it is those partners who are responsible for the security of that data once it lands on their system.
on 08-02-2015 10:13
on 08-02-2015 10:18
@Beenherebefore wrote: The point I am making is that each organisation is responsible (under DPA) for its own data security even that data supplied to them legitimately in the course of normal commercial business by another organisation.
No doubt the O2 data was shared with other O2 partners but it is those partners who are responsible for the security of that data once it lands on their system.
@Beenherebefore ....OK..I accept that. So who will be held responsible then? ....As all these other companies are obviously going to shout 'not me guv'....
Are we expecting a long drawn out investigation...(giving the offenders time to plug leaks and get rid of the evidence?) As you see, I am cynical.
I am not as knowledgeable as yourself re big business... I admit to that.
However, I do have an idea about the sorts of practices that were undertaken by some NHS trusts to give an 'improved' perception of waiting times and bed management for audit purposes.
Veritas Numquam Perit
on 08-02-2015 10:33
@Cleoriff wrote:
Are we expecting a long drawn out investigation...
Possibly....especially if the source of the release is no longer trading.
If O2's partners were given access into the O2 customer database then O2 would still be responsible but if O2 provided data to their partners either in paper or digital format then it's down to those partners.
on 09-02-2015 10:35
It would appear that another raft of emails is being sent. This is now my 3rd one, and this one has been modified by the scammers to remove the 24 hour response, which would normally raise red flags with a savvy recipient.
Here is the email I received on 08/02, with personal details removed.
-----
Dear xxxxxx
We are contacting you today with regard to the device(s) which are linked to your O2 account and monthly mobile plan.
-----
09-02-2015 13:35 - edited 09-02-2015 13:36
Yes also I've received another email last night. The sender is noreply@o2mail.co.uk This looks far more convincing than the previous email, without that 24 hr deadline and the o2 style email address. I wonder how many poor unsuspecting o2 customers will click on that link? I did forward it to phishing@o2.com although their statement which read 'Please do not send us any confidential information such as your account details, PINs or passwords by email' did make me laugh since the scammers have plenty of my account details already.
Blaming leaks on trusted partners is a nonsense surely. If I were to lend £5000 of someone's money who'd placed it with me for safe keeping and I lent that £5000 to my trusted friend who then spent it, as the original trusted keeper of the £5000 I would have to accept responsibility for the loss and pay it back since my judgement in my trusted friend was misplaced.
Dear mrs Xxxx Xxxxxxx
on 09-02-2015 14:06
@Anonymous Your comment about Trusted Partners is very valid.... I like the analogy used about a friend giving you £5000 for safe keeping etc.
I didn't realise that the phishing team ask that no personal information is included when you pass on emails to them!
Makes a mockery of O2's advice surely...... maybe @Toby would want to comment on this aspect?
Veritas Numquam Perit