My data has been breached

[Simbaya]

Respond please.

I believe the intention was to shame me.

@Simbaya it might be more productive to deal with it by email now. I don’t blame you for being angry but it’s all in danger of spiralling out of control.

Wise words

Love to anyone affected by this, must be a nightmare

I tried to. All day. No response apart from to tell me that they couldn't tell me. Until they posted the posts here. Interesting breach there Justine.

Justine couldn't tell me via pm what I had said wrong.
She could tell all of you however.

You started this thread, though, OP, and demanded an answer in the thread, despite mumsnet staff having contacted you by email to discuss privately.

Mumsnet's DPO has already been alerted, per GDPR legislation There's not really anything else for them to do at this stage, however much fuss you make.

Maybe people will learn that it is not wise to use an identifiable email address on sites like this, why would you use the same email address on MN as your bank.

It might be easy to think it doesn’t matter because OP was deleted for personal attack/breaking TGs, but the point is privacy and discretion should apply to everyone, even the posters we don’t like.
OP only asked for further info on this thread because she wasn’t getting the info by PM as she requested. To slap it on here is dismissive and childish. Should privacy only apply if you don’t annoy MNHQ? Looks like it.

The expectations of MNHQ as both a holder of data and to be quite honest, just adults, on this thread are scarily low.

it does not matter what the op has ir has not done. The bar doesn’t lower because of someone’s like ability or because they ask for something if it is not appropriate.

@Simbaya

I’m appalled that Justine repeated your posts in public. I don’t care what was in them: Without context many posts can look needlessly aggressive and nasty. But doesn’t retract from our fundamental rights to have our data protected without resorting to special email addresses- do you think people of Reddit have to think about this stuff?

AND sorry Justine, it makes you look passive aggressive, unhinged and quite vindictive. You gonna drag up some of my posts now in retaliation for not being kind?

You’re holding access to all our data and I’m not sure if I trust you lot with any more of my own. You are bad at handling the data AND bad at handling breaches. Your optics don’t look great.

Unfortunately, I think you are making good points.

Also you get emails even if they're 'just going to look now'

Did those contain the breach too?

You might never know if you've been reported, if it didn't lead to a deletion. But there would still have been an email about you to the one who did the reporting

I agree its wholly inappropriate. Privacy rules are not just there to protect "people like us" whilst exposing the plebs.

It reflects really badly and doesn't inspire confidence or trust in data protection or even an understanding of data protection.

We are constantly asked to report trolls and not challenge them on threads. How likely are people to use the reporting system knowing that their own email address is exposed every time as the reporter and that random individuals can override deployment processes and implement something like this without checks or supervision?

Seems majorly off to post the posts in this thread when apparently mnhq wouldn't email them to poster.

Mnhq always seem annoyed at posters when a data breach happens or similar and people are angry. Which is a weird vibe to put out when it's their mistake.

Email can be a scary thing for a forum where people post so much info, with an email address and being able to trawl back posts for talk of location or jobs etc probably quite easy to pinpoint a lot of people without even getting into what if the type of posts you make are ones that are regularly targeted (feminist board)

@JustineMumsnet

Can you clarify if those comments you've posted were made by @Simbaya or another user/username?
Have you just publicly called out a user who had changed their username? Was it a name change, or a different account?

Exactly this. I totally understand mistakes can happen, but the way mumsnet has handled the breach (again) has been awful.

Mumsnet are once again showing everyone how incompetent they are.

I do understand why some people think posting the reported comments were unfair. As others have said I wanted to clear up the perception that the reporters of the posts in question were malicious and/or motivated by a specific agenda and therefore might be likely to use the breached data maliciously - they weren't, they were genuine Mumsnet users who were trying to be helpful and we'd repeatedly reassured Simbaya on this matter.

Furthermore Simbaya had posted these comments under their username on the forum - so I don't believe I was outing them by repeating them.

Obviously correspondence has gone on/was going on behind the scenes which I'm not going to share here but we have good reason to believe this user wasn't acting in good faith, so in my view our priority is to the people viewing this thread and clearing up things that could cause alarm. (Who you choose to believe is of course, your choice.)

None of that of course is anyway mitigates the fact we should not have breached anyone's details on monday pm and that we have a duty to protect all users' data. As said we're extremely sorry about - especially to the 20 or so folks who's emails were leaked - and we're taking the matter extremely seriously internally.

Perhaps MN needs to clearly state that when new users register, explaining that previous data breaches have occurred.

And have that prominently displayed somewhere on the site.

Something like this has never happened with my bank. How could it? I don’t report other customers.

I am one of the posters affected. I have deregistered but have temporarily joined with a disposable email address to comment on this thread. I have no intention of staying.
All those people who say who cares? I am identifiable from my email address. I stupidly trusted Mumsnet. It is a big site, not a tiny local one and I assumed that my email address would not be shared with anyone else.
You might not care. But I have no idea who has my email address and what comments they can link them to. I think I know the thread where my comments would have been reported. It could have consequences for me in real life depending on who reported my comments.
It is easy to underplay this when you are not the one affected. But now I am left in the position of simply having to wait and hoping I have no problems in my life as a result of this data breach.

Notstaying I am so sorry, mate. I hope as you do, that there are no RL consequences from this event for you.

@Userforever If this was a tiny forum I would agree. But why are people stupid if they think they can trust MN to adhere to a very basic level of GDPR?
I do not understand why this issue was not identified in the initial testing of the new site. How can they not have known that someone's personal email address was being sent to anyone who reported a comment? It is beyond belief.

You think I was stupid to trust MN not to make this very basic mistake. I think anyone should be able to trust a site of this size not to do this. It really is amateur hour.

And people are trusting MN with their financial information by signing up for premium. Are they also stupid?

I do not know why anyone would want to remain here when such a basic mistake can be made. This isn't a hack which I know firms have suffered and that has led to GDPR breaches. This is a very basic programming error and a total lack of basic testing.

(Who you choose to believe is of course, your choice.)

Wow. I'm hazarding a guess that you don't have a PR person looking over your responses before you press send, @JustineMumsnet
That kind of passive aggressiveness is really bad look, however frustrating it must be to be dealing with this.

And what makes it worse is unlike other social media sites, we have no control, over our comments. So GDPR matters more on MN than other social media sites. I can just delete or edit my comments elsewhere. Here people have to contact MN and ask them to delete or change things.