Active discussions

Meet the Other Phone. A phone that grows with your child.

Meet the Other Phone.
A phone that grows with your child.

Buy now

Please or to access all these features

Talk
AIBU?

Share your dilemmas and get honest opinions from other Mumsnetters.

Original poster

To panic over this???? (GDPR breach)

124 replies

aconfusedperson · 06/10/2020 22:48

Hi all,

So I was emailing a company back and forth regarding a faulty product.

Included in this email thread was my full name, old address, new address, and personal mail address.

I replied to an email in the thread this afternoon and it somehow reached a customer who has a similar first name to me. She replied asking to be removed from the conversation but upon investigation, she has access to the whole thread, meaning a random stranger out there knows very personal information.

I am an extremely private person and things like this give me a lot of anxiety. I especially keep my address private due to past problems with stalkers etc.

Any advice on what to do? Can I sue this company for GDPR breach?

Thanks

OP posts:
AdoptAdaptImprove · 07/10/2020 08:32

Are you sure you’ve been communicating with the company and not scammers? How did you get the customer service email address in the first place? Most companies use a contact form on their website rather than giving an email address. And a refund would usually be made directly back to the method you used to pay and which they have in their payment system, eg credit card, without the need to deal with bank transfers or cheques, which are expensive and not automated processes. And if you wanted a refund by cheque, why did you give your bank details? Lots of things don’t add up, here. Either we’re not hearing the whole story, or this is baloney.

TJ17 · 07/10/2020 08:36

What makes you think that data is any safer being sent to the person you don't know at the company you are emailing? Everybody in that company has access to same information so it's no different.

jessycake · 07/10/2020 08:41

I have been included in emails by mistake , I have never stalked them turned up at the funeral , cancelled their orders or sent anything malicious to the address. I think you are overthinking this .

Scarby9 · 07/10/2020 08:50

To those saying they can think of absolutely no situation when you would send bank details in an email, as @Xenia says, I send out invoices for freelance work, all of which have account number and email, along with my name and address. Normal practice.

But it wouldn't worry me if the email somehow went to the wrong person, unless it made me look inefficient.

Scaraffito · 07/10/2020 08:54

@Scarby9 not if they're sending a cheque though. And you'd expect someone to invoice with their business account, using a personal one is a risk.

AwaAnBileYerHeid · 07/10/2020 09:07

Sue Hmm. Give your head a wobble.

AwaAnBileYerHeid · 07/10/2020 09:09

@Scarby9 but the bank info that you send out, ie acc no and sort code, that's just for people putting money in isn't it? That wouldn't sufficient money for accessing your money surely?

anniegun · 07/10/2020 09:19

You can sue for monetary loss- which is exactly zero in your case. Mistakes happen

NotAGirl · 07/10/2020 09:21

Raise it with the company and tell them you expect them to report it to the ICO as the inclusion of your bank details makes it a significant data breach. You could also say you want them to pay for a years credit watching so you will get alerted if anyone tries to use those details (no guarantee they will do that though).

But (assuming you are in the U.K.) the ICO aren't going to do more than tell them not to do it again

modernmystery · 07/10/2020 09:43

Can’t people set up direct debits coming out of your account if they have your bank account details, name and address?

I once had a fraudulent gym membership coming out of my account. It was a few months before I noticed.

CorianderLord · 07/10/2020 09:44

'Automatically got bounced' - you mean the address line automatically filled in her email as it starts the same of yours. Not a bug.

Namechangearoo · 07/10/2020 09:46

[quote aconfusedperson]@Powerchewings how would you feel that a stranger has all of your personal information. all you need for some websites is a name and an address to access even further data on someone and potentially hack them.

Anyone would be crazy not to take further action even if it is just getting a warning sent to the company.[/quote]
I honestly wouldn’t care. If you have any online presence at all, most of this information can be found by someone determined enough.

chomalungma · 07/10/2020 09:49

Did you receive a message saying that you had a secure email and that you had to login to read it? I am very interested to see exactly what happened as you are talking about encrypted emails.

FlapsInTheWind · 07/10/2020 09:50

You can't sue for compensation if you have had no loss.

There is no evidence you have had loss.

Report it and be done with it. It's a PITA and it is worrying but it's likely just a simple mistake.

SoVeryLost · 07/10/2020 09:55

@malmi

If it's email it was never encrypted. Email doesn't work like that, unless you know what you're doing.

If "bank details" are sort code and account number, that's no problem, they're not secret and nobody can steal money off you with them. If it's your online bank login details that's a different matter, but it sounds like it's not.

It's not great if your details have been exposed to another customer. But report it to the company and ensure they take it seriously.

That's not strictly true, most emails are encrypted by TLS 1.2 at this point all the free email accounts do it as standard. Although TLS 1.2 is broken as in there are known vulnerabilities. I do agree though that I wouldn't be emailing a company my bank account details.

OP it does sound like you sent the email to someone else and not the company, an email would not magically redirect to a random other customer.

Ugzbugz · 07/10/2020 10:00

Sounds like you've been emailing a scammer. How was the email encrypted? I used to send them at work sometimes and would have to give the recipient a code to open the email but that was a few years ago.

BoyTree · 07/10/2020 11:56

Sorry that so many people either haven't bothered to read your posts or are so spiteful that they are putting the boot in when you are obviously concerned for your safety. Some of the comments here are so unpleasant and hopefully they haven't made a situation that is tough for you worse.

I imagine that the chances that the person who has your details will do anything with them is quite small, but I would definitely be asking the company to investigate and get to the bottom of how this happened. I hope you get a resolution that you are happy with soon.

dontgobaconmyheart · 07/10/2020 12:25

Who is it ypuve been emailing OP? A legitimate company. If you are concerned about it to this degree why are you putting the info in emails anyway rather than making a call to their customer services.

The chances of this random woman giving a shiny ahit about your details are next to none. The chances that she is a 'hacker' sat at home ready to 'hack' (it's really not that simple) you are almost next to none. She has even asked to remove herself from he info.

You'd be surprised OP, I expect your address etc could be got online pretty easily anyway by anyone who knows the right thing to look for on google. If you have (for some reason) given out your full card details included expiry dates and the card CCV, simply call your bank and tell them the card is lost and you can get a new one with new details.

By all means raise a complaint about GDPR to understand how this came about but I can't see what you'd achieve by using and you will make yourself look silly threatening it. It would cost you a fortune and there would be minimal return, since no loss or danger to you has occured that you can demonstrate.

We ourselves have to take responsibility for how safe we are online regardless of GDPR. It's obviously frustrating and they've made an error but suffering anxiety will make it seem worse. I would approach this rationally, secure/alet my bank details, assess my my online presence and passwords and my server for security and get on with things. Be careful what you put in emails. Speak to someone if the anxiety is consuming, it doesn't have to be that way OP.

GlamGiraffe · 07/10/2020 13:08

If you contact the ICO thry will advise, however i believe where information has been shared which has potential to endanger an individual due yo their personak circumstances,they recommend making a complaint to them and then speaking to them a week later as such cases are fast-tracked . It us worth discussing with them if nothing else. You can raise the issue directly with the ICO you do not have to go to the organisation first, you can complain to them both at the same time.
You don't get financial benefit from an organisation's mis handling of data where it is identified. They may however in some cases be fined. Procedures must be put in place to ensure it doesnt happen again.

MasksGlovesSoapScrubs · 07/10/2020 14:31

@aconfusedperson

also just a note - some of you are rude!!!! I suggested suing the company and you all thought I was after money! I am after justice!!
Lol. If that was the case and you did end up with some money on it I really do hope you don't take a penny. Justice. You're so manic. Chill out.
LunaLula83 · 07/10/2020 14:48

You sound like hard work

BoomBoomsCousin · 07/10/2020 16:18

@Florencex

Thankfully our laws are not in agreement with your thinking and this is not a “suable” matter

While suing in the general sense would not apply because the OP hasn’t suffered a loss that she could sue for, our laws do allow the OP to claim compensation for a breach of gdpr, and not only if she suffers material loss.

There are systems you can use for customer service communication that would stop someone from accidentally adding a new email to correspondence. Training can also lower the likelihood of it happening. Even though human error still exists, systems can be improved so that errors get caught or they happen very rarely. Putting a cost on that error is what encourages companies to make those systems as good as they can. There nothing “ridiculous” about the idea that companies will put effort into stopping things that cost them or that privacy practices can be improved despite the existence of human error.

Awwlookatmybabyspider · 07/10/2020 16:34

This is obviously an innocent (albeit granted a stupid mistake), but That's what it was a mistake.

Supposing the person loses their job which is likely to cause them great anxiety. Surely as someone who suffers from anxiety themselves you should be more understanding than anyone.
Now, don't get me wrong if this was a pharmacist who had bellowed out
"Here you go Doris these'll clear up your piles" then I'd be with you as that would have been deliberate. "

MintyMabel · 08/10/2020 00:12

I can’t think of a single scenario where you’d put your bank details into an email.

I can think of plenty of scenarios where I've had bank details by email. Usually from companies asking for payments. Folk do it at work when looking for cash for things like collections etc.

It's an account number and sort code. It isn't your password and security code. People can do very little with such scant information.

New posts on this thread. Refresh page