Suspect vat refund email

Anonymous · ‎23-01-2015

Today I receved an email saying "In response to an increase in VAT in the EU and currency changes, and as a result of last week's VAT-related price change, it has come to our attention that between Oct 2012 and Oct 2014 there was a system error which resulted in some of our customers paying the incorrect rate of VAT on some services.

This email had all my personal information, but asked me to follow a link to log into my account, has anyone else seen an email like this? The email looked legitimate, if anyone from O2 monitors this thread, please let me know how to report this.

Anonymous · ‎07-02-2015

Hi thanks @WispaRed7 yes going to get in touch with @piperdog123. Not well atm which is why I've been quiet but soon as I'm better I will start chasing this again

sad that you are not well atm hope you're feeling better asap @Anonymous

Anonymous · ‎07-02-2015

Below is a copy of the email I sent to my contact. At the request of @Toby I have removed the contact name and email address (although the sender have me the permission to copy the letter out, Community guidelines are that names / email addresses should not be used on here).

TO DATE I HAVE YET TO RECEIVE A REPLY.

Dear Xxxxxx

I note with interest that o2 have now notified the Information Commissioners Office regarding the earlier potential data breach in relation to vat refund.

The action taken by o2 "out of courtesy" only occurred as a result of press interest from The Register who have also spoken to the ICO.

Users on the o2 Community have more recently been reporting that the newer potential data breach details information in the identical format of "myo2" and that the information is verified as correct.

As agreed I copied your earlier response into the Community and the experts on there destroyed much of what you had said. Especially given that some details included in the emails would never be used on a pc, only on a phone.

Xxxxxx, o2 need to get a better grip on this and produce answers. The responses from o2 thus far do not cut it and I think it is fair to say mainstream press are likely only hours or days away.
And yes I continue to be extremely concerned about o2's lack of customer focus on this issue. Instead o2 are relying on letters and emails to fob customers off.

I await a more detailed reply.

Anonymous · ‎07-02-2015

I have just received a reply from O2 customer complaints that gives me lots of helpful(!) information about spotting phishing emails and very briefly tells me that their investigation has revealed no security breach and therefore there is no data protection issue with O2 in this case. They also confusingly tell me that a full investigation is ongoing, whatever that means. However my complaint has been refuted.

I was quick to call them back - I was dealing with someone from Capita (no idea who they are, but seem to handle customer complaints on behalf of O2) who gave me a lot of useless excuses and was very sure to inform me that O2 had not breached their data protection responsibilities following her investigation of the matter, and they therefore don't have a complaint to answer to. Matter closed.

I told her that I was going to the ICO with my ongoing concerns. Meanwhile I received a phishing text today offering me the same amount of vat refund from O2 from phone number +1 (661) 733-0814! I didn't reply!!

Beenherebefore · ‎07-02-2015

Nor surprisingly, the only Google reference for that phone number (+16617330814) is here :

http://wiki-numbers.ru/world/phone/6617330/

"My life is a facsimile of a sham"

MI5 · ‎07-02-2015

That's the same lame excuse everyone is getting.

I have no affiliation whatsoever with O2 or any subsidiary companies. Comments posted are entirely of my own opinion. This is not Customer Service so we are unable to help with account specific issues.

Currently using:
Pixel 7a (O2 & Lyca), One Plus 6 (Sfr), iPhone 12 Pro Max (Vodafone)

Beenherebefore · ‎07-02-2015

Perhaps O2 have been advised not to confirm whose database has been hacked.....from a legal point of view they may not want to name the company that has released their customers' personal data :smileywink::smileywink:

"My life is a facsimile of a sham"

Cleoriff · ‎07-02-2015

All I know is...if, as we suspect, personal data has been 'hacked into'.....then they are just allowing it to continue if they are saying 'Not our fault Guv'

Veritas Numquam Perit

Beenherebefore · ‎07-02-2015

To be fair to O2, it may not have been their database that was hacked.

We have suggested perhaps the Phones4U database was released into the public domain......that is not O2's responsibility but if they know that is what happened or suspect that is what happened then legally they cannot say so.

"My life is a facsimile of a sham"

Anonymous · ‎07-02-2015

@Beenherebefore

Whilst I appreciate o2 may not be the actual party to have released the data, and that it may be a partner etc, the fact is that it is OUR data they O2 have at some point released and as such they bear the ultimate responsibility.

Secondly, whether it is o2 or their partner, we the subjects of such a data breach abs as such subsequent are the ones at risk have a RIGHT to know.

So if the breach is from a partner then the partner should fess up and immediately

Beenherebefore · ‎07-02-2015

I agree but ICO will not look upon O2 as having released the data if a 3rd party was hacked.

I believe that's why O2 have phrased their statements as they have. Also probably explains why O2 have notified ICO "out of courtesy" because although it involved their customers' data, O2 did not release it.

"My life is a facsimile of a sham"

O2

Add a monthly Sim Deal

Not impressed : "Your O2 RPI terms are changing"

eSIM

New contract

Is my mobile included in my virginal media package