Slashdot Mirror


ISP Emails Customer Database To Thousands

Barence writes "British ISP Demon Internet has mistakenly sent out a spreadsheet containing the personal details of more than 3,600 customers with one of its new ebills. The spreadsheet contains email addresses, telephone numbers and what appears to be usernames and passwords for the ebilling system. It was attached to an email explaining how to use the new system. Police forces and NHS trusts are among the email addresses listed in the database. A spokesman for Demon Internet confirmed that the company "was aware this happened this morning"."

6 of 259 comments

  1. computer billing story by innocent_white_lamb · · Score: 5, Interesting

    I run a movie theatre and send and receive a lot of freight (film cans and advertising materials) by bus. I have an account with the provincial bus company so they send me a bill once per month containing all of the waybills for that month.
     
    This story goes back several years, as you will see.
     
    Originally, I got a monthly bill that consisted of a strip of adding machine paper stapled to an invoice that totalled up my waybills for the month. Then the bus company decided to modernize and send out bills printed by computer, which were apparently aggregated by having a computer in each bus depot send in each day's transactions by modem to a central computer that printed the monthly bills.
     
    For the next year and a half, I got bills for anywhere from $10 to $30/month, nowhere near the $600-plus that I usually spent on bus freight.
     
    18 months later I got a (manually generated) bill for $13,000.
     
    The bus company has since stayed with manually generated bills and has never tried to computerize that part of their operation again.

    --
    If you're a zombie and you know it, bite your friend!
  2. And this is partly why I refused eBilling by PipingSnail · · Score: 4, Interesting

    Demon wanted all customers to take up eBilling several years ago. You had to opt out of eBilling. I opted out because I wanted a printed invoice to give to the accountants and because I thought sooner or later some cockup like this would happen. My choice has been vindicated. And no, I won't be looking for another vendor. Demon are more expensive than other vendors, but other than the eBilling foulup, they are generally good and no bandwidth restrictions or upper limits at all. And that is what I want.

  3. Re:Free market will fix this by Penguinisto · · Score: 5, Interesting

    Their biggest competitor is BT ... Not quite seeing a stampede happening in that direction.

    There's always Orange, I guess...

    (...and to think that I bitch about Comcast...)

    /P

    --
    Quo usque tandem abutere, Nimbus, patientia nostra?
  4. Looking forward by vrmlguy · · Score: 4, Interesting

    I think that we should start putting fictitious information (something blob-like, like a customer name) into sensitive databases that matches one or more virus signatures. This would cause email filters to block the content before it leaves the premises. (Yes, I realize that we'd need to be filtering outgoing mail, but unless you're a spam generator, that's a small fraction of your incoming email. Some of us are already doing this, although not for this reason.)

    --
    Nothing for 6-digit uids?
  5. Re:Free market will fix this by clive_p · · Score: 4, Interesting

    I'm amazed that you never heard complaints. I was with them for 14 years, but left a few months ago, as their service deteriorated to a level that was completely intolerable. The original company was good, but was successively taken over several times, and all the competent people left. Have a look at the Usenet newsgroup demon.service and you will find plenty of complaints...

  6. My experience of the same thing... by w0mprat · · Score: 4, Interesting
    I ROFLd very hard at this. Now who hasn't heard of something like this happening or been in a workplace where this has happened? Of all the security measures companies fret over these days they fail to recognise the threat of abject stupidity.

    Yes some asshat will accidentally forward whatever. How this occurs is demonstrated by my example below (I witnessed this, details altered). I've seen co-workers make this mistake, and I've been a customer when the same fault happened and I got sent a 700kb spreadsheet of confidential information. But anyway, here is the two step method to epic fail:

    Step 1: Email staff with a template for them to send, and attach a spreadsheet of the customers

    -----Original Message-----
    From: Bob Smart [mailto: Bob.Smart@[-------].co.--]
    Sent: Thursday, 23 September 2008 10:53
    To: [-------] Outbound Contact Team
    Subject: FW: eBill template


    Hi Team,

    Please send this template below to all customers in the attached spreadsheet. You three can divide the work amongst yourselves.

    >

    Dear customer-name-here,

    [etc..]

    .....

    Step 2: Your keyboard jockeys forward the email, delete the header and Boss's message, insert customer details into template. Send, Boom, Done.

    By default, forwarding in pretty much all mail applications keeps the attachment.

    I'm sure this is the principal way documents are leaked from just about any organisation.

    --
    After logging in slashdot still does not take you back to the page you were on. It's been that way for 20 years.
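
The outbound check that comments 4 and 6 together point at, as an added example that is not part of the original thread: a planted fictitious record is searched for in every decoded part of a forwarded message before it leaves for an external recipient. It uses a plain canary string where comment 4 suggests a virus signature; the canary value, addresses, domain and function names are all constructed for illustration.

```python
import csv
import io
from email import message_from_bytes, policy
from email.message import EmailMessage

# Constructed canary: the email field of a fictitious row planted in the customer table.
CANARY = "zz-canary-7f3a@example.invalid"


def build_forward(with_attachment: bool, to: str = "customer@example.org") -> bytes:
    """Constructed sample: staff forward the eBill template, attachment still on it."""
    msg = EmailMessage()
    msg["From"] = "agent@isp.example"
    msg["To"] = to
    msg["Subject"] = "FW: eBill template"
    msg.set_content("Dear customer-name-here,\n\nHere is how to use the new system.\n")
    if with_attachment:
        rows = [["name", "email", "phone"],
                ["A. Customer", "a.customer@example.org", "0000 000000"],
                ["Canary Record", CANARY, "0000 000001"]]
        buf = io.StringIO()
        csv.writer(buf).writerows(rows)
        # Bytes attachments are base64-encoded on the wire by default.
        msg.add_attachment(buf.getvalue().encode(), maintype="text",
                           subtype="csv", filename="customers.csv")
    return msg.as_bytes()


def outbound_verdict(raw: bytes, internal_domain: str = "isp.example") -> str:
    """Return 'block' if an externally bound message carries the canary in any part."""
    msg = message_from_bytes(raw, policy=policy.default)
    recipients = msg.get_all("To", []) + msg.get_all("Cc", [])
    external = any(not addr.addr_spec.endswith("@" + internal_domain)
                   for hdr in recipients for addr in hdr.addresses)
    if not external:
        return "allow"
    for part in msg.walk():
        if part.is_multipart():
            continue
        # decode=True undoes base64 / quoted-printable; a raw byte search would miss it.
        payload = part.get_payload(decode=True) or b""
        if CANARY.encode() in payload:
            return "block"
    return "allow"
```

An .xlsx spreadsheet is a zip container, so a filter built this way would have to unpack it before matching.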