To whom are you selling my details?
You've made enquiries and not had a satisfactory response. I suggest your next step is http://www.ico.gov.uk/complaints/data_protection.aspx
FAO Hairy Biker,
I've already replied re TPS on this thread: http://community.plus.net/forum/index.php/topic,94892.0/topicseen.html
I've already replied re TPS on this thread: http://community.plus.net/forum/index.php/topic,94892.0/topicseen.html
Read this just out of curiosity too, and - my contact number with PN is my mobile, and has never had spam / advertising, cold calls etc - till mid last year when my mobile started being used as a contact number for Plusnet 
I gave my mobile out, due to the fact the land line can and sometimes still is very bad, not much use of a phone call on a dodgy line especially if you have to hang up for testing etc.
Since support tickets use SMS messaging - how is this monitored? IF there isn't a 'leak' or rouge PN employee gathering data, then the only thing I can think of that we can point at is the SMS system. How secure is this? How easy would it be for a internal bot to harvest these numbers?
Read that a fair few PN employees work from home or have worked from home (winter for eg.), how is this done? What details are taken home if any? Do they connect up to a PN network or vpn, is there an outside login for employees?
Now, since we've not had hundreds of people jump on this thread all shouting about this, I doubt it's a really big problem, UNLESS, as is the case in this day and age where most people numb or become immune to it, therefore don't think about where or how it has happened, and just think, part and parcel of everyday life!
Just a few thoughts, and it wouldn't harm PN to do a full internal security analysis of all customer data, contact numbers and sms messaging services and publicice the details with a Draytek router me
Makes a change to my usual weekend ramblings on here
Oh just to add, BT phoned me on my mobile in regards to infinity! So if PN have details of customers, BT has details of customers! Although I think it is funny how BT try and poach PN customers and I've seen many BT users get marketing emails from PN. Like for like tit for tat at the end of the day!
I gave my mobile out, due to the fact the land line can and sometimes still is very bad, not much use of a phone call on a dodgy line especially if you have to hang up for testing etc.Since support tickets use SMS messaging - how is this monitored? IF there isn't a 'leak' or rouge PN employee gathering data, then the only thing I can think of that we can point at is the SMS system. How secure is this? How easy would it be for a internal bot to harvest these numbers?
Read that a fair few PN employees work from home or have worked from home (winter for eg.), how is this done? What details are taken home if any? Do they connect up to a PN network or vpn, is there an outside login for employees?
Now, since we've not had hundreds of people jump on this thread all shouting about this, I doubt it's a really big problem, UNLESS, as is the case in this day and age where most people numb or become immune to it, therefore don't think about where or how it has happened, and just think, part and parcel of everyday life!
Just a few thoughts, and it wouldn't harm PN to do a full internal security analysis of all customer data, contact numbers and sms messaging services and publicice the details with a Draytek router me
Makes a change to my usual weekend ramblings on here
Oh just to add, BT phoned me on my mobile in regards to infinity! So if PN have details of customers, BT has details of customers! Although I think it is funny how BT try and poach PN customers and I've seen many BT users get marketing emails from PN. Like for like tit for tat at the end of the day!
Quote from: Chrism2 I did not realise you buy information like that. I'd still like a comment from PlusNet about this
Quote from: Chrism2 I did not realise you buy information like that. I'd still like a comment from PlusNet about this
@fourfourdevon has summed it up pretty well tbh, there are plenty of other ways the scammers could have acquired the data. I'm confident it's not through negligence on our part that this has happened though.
Quote from: Chrism2 The contact number for the line is not my client's installed telephone line; but mine. This means that the information being passed to this listing is a great deal more general than PlusNet lead you to believe. It may not be PNs fault that it is possible to get this information; but I expect them to address the problem and either a) plug the hole or b) make it crystal clear where your number can end up.
My understanding of entering a contact number was that it was for Plusnet's benefit; not for general release.
Not 100% sure what you're implying here? The only number that should be listed in any directory is the telephone number associated with a line installation. It wouldn't extend to daytime/evening contact numbers AFAIK.
Quote from: Chrism2 So why then did they call my mobile (the contact number on this account) and ask for my client by name (his name on the account). (Hello is that Mr. Br~~~~~~)
The PN account is the only way they could make this match....
Is it *definitely* the only way? Is there no other way the association could have been made? e.g. they've called the land line in question and been given your mobile number by somebody? (just one of a number of possibilities really). Whilst I'm inclined to agree that it arouses suspicion, I stand by what both me and James have already said.
Quote from: fourfourdevon If people are being called using details only available from Plusnet, then even if Plusnet has not given/sold the information, Plusnet must be the source.
At this stage I don't think people are being called using details only available to Plusnet. There is a possible exception (see below), and that's something I'll look into.
Quote from: fourfourdevon I would watch this one to make sure it doesn't blow up in your faces like the ACS:Law thing did, I would also alert all CS reps to report to a central place any incidence of this reported from the customer, that way you can start to see if, how and when the data may have been breached/stolen.
We will certainly keep an eye on things, but at present I've no reason to believe anything untoward is happening/has happened.
Quote from: Chrism2 It's simply not possible that this information could have been sourced, in the form they have received it, from anyone other than Plusnet. You have a leak. I have no other connection with my client other than setting up his landline and broadband with Plusnet over a month ago.
I believe, on the record of "handling of personal data"; Plusnet has not exactly got clean hands - so when your marketing people say it's not your fault, please allow me to take the comment with a pinch of salt.
If the database that stores this information had been compromised then we'd all know about it, trust me! I know that we sometimes use data provided by BT for some of our promotional/marketing activities so I suppose the reverse is plausible but that's something I'd have to look into, and I'd be very surprised if it were to happen where an account is explicitly opted out of receiving marketing/promotional material!
Quote from: carrot63 I did wonder reading this re the OPs issue, if there could be a connection to the abrupt closure of the SA call centre. Disgruntled employee? Its been known.
The only way anybody could have achieved that, would have been to manually lookup each and every account and manually note the details. Access over in Durban was pretty locked down to say the least. Bandwidth wasn't in a great abundance out there either!
Let's just say we may as well nip that particular conspiracy theory in the bud before it gains any more traction.
Quote from: TicnTac Since support tickets use SMS messaging - how is this monitored? IF there isn't a 'leak' or rouge PN employee gathering data, then the only thing I can think of that we can point at is the SMS system. How secure is this? How easy would it be for a internal bot to harvest these numbers?
With direct access to the database in question (*very* locked down, and *very* auditable) then you could pull the data relatively easily by running a few queries. This has not happened for the purpose people are alluding to.
Quote from: TicnTac Read that a fair few PN employees work from home or have worked from home (winter for eg.), how is this done? What details are taken home if any? Do they connect up to a PN network or vpn, is there an outside login for employees?
It's secure access to an SSLVPN gateway and then onto the internal Plusnet network using various layers of authentication including a cryptographic token.
Whilst we're discussing this sort of thing, I'll pre-empt somebody commenting on recent increases in email spam by drawing your attention to the news articles here and here.
Quote from: Bob Whilst we're discussing this sort of thing, I'll pre-empt somebody commenting on recent increases in email spam by drawing your attention to the news articles here and here.
I wouldn't be able to tell if spam was Plusnet's fault anymore - even my previously 'clean' email addresses are deluged after PNs failure to lock down the system a couple of years ago. Plusnet have plenty of form here Bob, so I'd be careful what you dismiss as conspiracy - it has a habit of coming back to bite.
And I, for one, don't get any spam to my Plusnet addresses. If you do, are you handling the spam controls properly?
Gloat gloat
Chris
Gloat gloat
Chris
FWIW, the spam I'm seeing is all getting rejected at the MX level by my mail provider so it doesn't hit my inbox anyway 