Jump to content

High Street Store Mishandling User Details


Clapham Saint
 Share

Recommended Posts

A little bit of a long story but stick with me…

 

I recently tried to set up an on-line account with a high street store to buy a jumper for my wife (she saw one she liked) only to find that they already had an account registered with my e-mail address. It is very possible that I set up an account in the past and so I didn’t think much of it and used the “forgotten password” option to as none of the passwords which I would have been likely to have used worked.

In this case the online system asked my for my e-mail address and surname, but when I entered these it rejected the request as not being a match.

 

This seemed odd (obviously) and so I e-mailed them to find out what was wrong.

After a couple of e-mails they finally sent me the surname which they have registered to my account, which I had never heard of and certainly wasn’t my name.

 

Having now been able to request my a password I have been able to access the account and have found that they have my correct first name, e-mail address and a correct (but now old and unused mobile number)

 

They have a completely different surname, date of birth and address.

 

Something is clearly wrong and potentially they have just supplied me with somebody else’s name, address and date of birth.

 

If I have access to this information on somebody else then it is also possible that they have given my details to another account holder as well.

 

I am not at all happy.

 

Before I write my @rsy letter of complaint which laws are they likely to have breached here?

 

Data protection for 1. Any others?

Link to comment
Share on other sites

Is your email address based on your first name? If it was not for the mobile number a scenario might be someone with a similar email address setting up an account and then entering their email address incorrectly. However with the mobile number its a bit odd. Question is if you did not set up the account why do they have an old mobile number for you, where did they get it from? Do you know if the highstreet shop may have bought up another retailer where you had registered?

Link to comment
Share on other sites

My email address is my first name, my last name and then a number.

 

I suspect that I set the account up a couple of years ago haven;t used it and their database has been corrupted somehow mixing my details with somebody elses. Seems a bit of a stretch but I can;t see what else might have happened...

Link to comment
Share on other sites

My email address is my first name, my last name and then a number.

 

I suspect that I set the account up a couple of years ago haven;t used it and their database has been corrupted somehow mixing my details with somebody elses. Seems a bit of a stretch but I can;t see what else might have happened...

 

Indeed. I guess you could try and get them to search their database for your details (i.e. those that should be in the fields where someone else's are) and to remove them. I guess as far as the law goes if it was a one off corruption issue they could probably get away with it. If however the corruption is more wholesale and they had not corrected it then they would be in trouble I guess. Have you googled to try and see if anyone else has reported the same problem for the same firm?

Link to comment
Share on other sites

Has any actual fraud been committed? i.e. has anyone bought anything using someone else's money?

 

No.

 

Order history is empty.

 

I've not lost anything as such. I'm just concerned that my name address and date of birth might be sat on somebody elses's account.

 

The likelyhood of my suffering financial loss is proably low but its the principle that my details may have been given to somebody else that has annoyed me.

 

Am I massively overreacting?

Link to comment
Share on other sites

No.

 

Order history is empty.

 

I've not lost anything as such. I'm just concerned that my name address and date of birth might be sat on somebody elses's account.

 

The likelyhood of my suffering financial loss is proably low but its the principle that my details may have been given to somebody else that has annoyed me.

 

Am I massively overreacting?

 

No, I don't think you are. I would probably be equally concerned. That said, I work in banking IT and was trying to deduce how this company's apparent lapse in protocol could transpire into an actual financial loss. As you say, probably unlikely but still a principle worth challenging.

Link to comment
Share on other sites

I agree the chance of this information being used against you is minimal as the random other person whose details you have been swapped with would have to be the sort of person who would then decide to start a criminal activity using them and without such details as credit card numbers or bank account numbers there is no obvious way that they could get at your money.

Link to comment
Share on other sites

If my credit card details were also saved on the account (given I don't recall setting it up I don't know if they were) then with. Ame address and date of birth you are pretty much home free.

 

As I've said already the chances of me losing money at this stage are low. It's the principle that a company has been this slack with my information that annoys me

Link to comment
Share on other sites

IF you gave your credit card information in the original entry and then all of this happened then you should report them ASAP to your credit card company.

 

It appears that the Merchant could be in breach of the new PCI Regulations, (sending you incorrect new laog-in information shows your original data may not have been stored correctly and Credit Card Co's are looking to kick some asses at the moment as the take up of Compliance Auditing has been very slow but IS mandatory.

 

Just the mention of those 3 letters should turn the Merchant to Jelly.

 

Any background info needed then PM me your email info & I will send you what I have.

Link to comment
Share on other sites

For breaches of the Data Protection Act, write to the Information Commissioner's Office (http://www.ico.gov.uk/) who are responsible for upholding the legal aspects of Data Protection.

 

There is more info here: http://www.ico.gov.uk/complaints/data_protection.aspx, including what to do if your personal info has been disclosed.

 

Also, is the retailer a member of the Direct Marketing Association as their code of practice may have been breached?

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

×
×
  • Create New...

Important Information

View Terms of service (Terms of Use) and Privacy Policy (Privacy Policy) and Forum Guidelines ({Guidelines})