bickster Posted July 10 Moderator Share Posted July 10 40 minutes ago, DCJonah said: So John Lewis have shared my mom's personal information with a complete stranger who lives on the same road. Fortunately this person came round to let her know, that after replacing a television, she was sent an order form with my mom's name, address, email address and phone number. She's sent two emails and John Lewis haven't responded. Any advice on the best way to deal with it? When you say they’ve shared her personal details with someone, what details and how did this occur? So if they delivered a parcel to the wrong address and her details (name address) were on the package but were delivered to the wrong address, it’s a human error by one person. They'll speak to that person. That’s it. If it’s a larger error of process, they'll have to change the process to remedy the problem, that’s good. Why would your mother suspect they’ve given her details to others? Are there other similar instances? Link to comment Share on other sites More sharing options...
bickster Posted July 10 Moderator Share Posted July 10 11 minutes ago, Davkaus said: I agree it's fairly minor, but it'd piss me off enough to raise it formally, and the right way to do that is sending the details to DPO@johnlewis.co.uk rather than messing around with staff in store, who probably had nothing to do with it It’s good advice but legally (and I think this is OTT) any member of staff should be able to deal with the SAR even if it is made verbally and dealing with it isn’t telling them to email x@company.com it’s taking the persons details and request and then contacting the relevant person. Yes it’s ludicrous. You're better finding the relevant email address and doing it yourself as you suggest 1 Link to comment Share on other sites More sharing options...
bickster Posted July 10 Moderator Share Posted July 10 23 minutes ago, Davkaus said: but it'd piss me off enough to raise it formally Do you do that if the postman delivers a letter to the wrong house? Link to comment Share on other sites More sharing options...
Davkaus Posted July 10 Share Posted July 10 4 minutes ago, bickster said: Do you do that if the postman delivers a letter to the wrong house? I am reading between the lines, but @DCJonah stated they'd sent the letter to the neighbour. If it was just a misdelivered letter, no, because the neighbour shouldn't be opening post that's not got their address on. I assumed it was addressed to the neighbour. The devil's in the detail, I guess. 1 Link to comment Share on other sites More sharing options...
bickster Posted July 10 Moderator Share Posted July 10 Just now, Davkaus said: I am reading between the lines, but @DCJonah stated they'd sent the letter to the neighbour. If it was just a misdelivered letter, no, because the neighbour shouldn't be opening post that's not got their address on. I assumed it was addressed to the neighbour. The devil's in the detail, I guess. I was kinda just trying to point out how stupid this stuff can be. Some things are technically breaches (like a misdelivered letter) that really aren’t worth bothering with. Now if they've sent a letter containing financial details etc and addressed it incorrectly to someone completely different, which has then been opened at no fault of the third party. That really does need addressing as there is an error in process which needs to be remedied. It could also be that this error affects many more people. Link to comment Share on other sites More sharing options...
DCJonah Posted July 10 Share Posted July 10 27 minutes ago, bickster said: When you say they’ve shared her personal details with someone, what details and how did this occur? So if they delivered a parcel to the wrong address and her details (name address) were on the package but were delivered to the wrong address, it’s a human error by one person. They'll speak to that person. That’s it. If it’s a larger error of process, they'll have to change the process to remedy the problem, that’s good. Why would your mother suspect they’ve given her details to others? Are there other similar instances? Someone who lives on the same road ordered a television for their son and there was something wrong with it so they sent it back for a replacement. She then received an order form and delivery date for the television but with all my mom's details on it and the television she'd ordered being delivered to my mom's address. Guess she's just concerned that her details might be sent out to others in a similar way. Link to comment Share on other sites More sharing options...
bickster Posted July 10 Moderator Share Posted July 10 1 minute ago, DCJonah said: Someone who lives on the same road ordered a television for their son and there was something wrong with it so they sent it back for a replacement. She then received an order form and delivery date for the television but with all my mom's details on it and the television she'd ordered being delivered to my mom's address. Guess she's just concerned that her details might be sent out to others in a similar way. So the only details that were given were the name and address? If so, it’s definitely a process issue that needs correcting, so right of correction applies. I doubt they’d know how many times it had happened though and it’s most likely once. Suspect it'll be a post code look up issue in the database Definitely worth informing them though 1 Link to comment Share on other sites More sharing options...
DCJonah Posted July 10 Share Posted July 10 1 minute ago, bickster said: So the only details that were given were the name and address? If so, it’s definitely a process issue that needs correcting, so right of correction applies. I doubt they’d know how many times it had happened though and it’s most likely once. Suspect it'll be a post code look up issue in the database Definitely worth informing them though Email address and phone number were on the form as well. Yeah I'm assuming it's a post code issue. Really strange that the letter went to her but the delivery was for my mom's address. I know it's not a major issue but she's not thrilled about her number and email address being given to people. Link to comment Share on other sites More sharing options...
bickster Posted July 10 Moderator Share Posted July 10 7 minutes ago, DCJonah said: Email address and phone number were on the form as well. Yeah I'm assuming it's a post code issue. Really strange that the letter went to her but the delivery was for my mom's address. I know it's not a major issue but she's not thrilled about her number and email address being given to people. Yes, completely understand 1 Link to comment Share on other sites More sharing options...
Rds1983 Posted July 11 VT Supporter Share Posted July 11 11 hours ago, DCJonah said: Someone who lives on the same road ordered a television for their son and there was something wrong with it so they sent it back for a replacement. She then received an order form and delivery date for the television but with all my mom's details on it and the television she'd ordered being delivered to my mom's address. Guess she's just concerned that her details might be sent out to others in a similar way. Sounds like a minor system error but worth reporting to their data privacy team via that email address, they will need to sort her details out and there's always a chance it's indicative of a wider problem. It's understandable to be worried about things like this, but try to place some comfort that it is relatively minor data points in terms of risk and one's that are largely already out there. Look on the plus side, sounds like she got a free TV! Link to comment Share on other sites More sharing options...
Wainy316 Posted July 11 Share Posted July 11 I've had some twunt hack my Paddy Power and is now sending threatening emails claiming to have all my data and know where I live. They claim to have acces to my device but no further hacks. I assume I just had my password phished but resisting the urge to email them back with a barrel of reciprocal threats. Link to comment Share on other sites More sharing options...
limpid Posted July 11 Administrator Share Posted July 11 28 minutes ago, Wainy316 said: I've had some twunt hack my Paddy Power and is now sending threatening emails claiming to have all my data and know where I live. They claim to have acces to my device but no further hacks. I assume I just had my password phished but resisting the urge to email them back with a barrel of reciprocal threats. Always use MFA. A password is not enough to protect anything that you care about. Link to comment Share on other sites More sharing options...
Rds1983 Posted July 11 VT Supporter Share Posted July 11 7 hours ago, Wainy316 said: I've had some twunt hack my Paddy Power and is now sending threatening emails claiming to have all my data and know where I live. They claim to have acces to my device but no further hacks. I assume I just had my password phished but resisting the urge to email them back with a barrel of reciprocal threats. Have they done anything to prove their claim? It's a common fraud technique to send emails like this out to a host of people and hope they get lucky with even just a few. It's often best to ignore the email and not respond. Link to comment Share on other sites More sharing options...
Wainy316 Posted July 11 Share Posted July 11 1 hour ago, Rds1983 said: Have they done anything to prove their claim? It's a common fraud technique to send emails like this out to a host of people and hope they get lucky with even just a few. It's often best to ignore the email and not respond. No and that is something I noticed, so I won’t engage. They have definitely compromised my Paddy Power twice though. Link to comment Share on other sites More sharing options...
Rds1983 Posted July 11 VT Supporter Share Posted July 11 (edited) 49 minutes ago, Wainy316 said: No and that is something I noticed, so I won’t engage. They have definitely compromised my Paddy Power twice though. As @limpid said above get two/multifactor authentication for anything important. Use secure and unique passwords and change them whenever you're aware of an issue. Cyber security tools or sites like haveibeenpwned will you to know if your details have been compromised. Don't freak out if you use it and find you've been involved in a data breach, practically everyone has at some point and most are relatively negligible and easy to fix (I'm sure people on here would offer advice if needed). Edited July 11 by Rds1983 1 Link to comment Share on other sites More sharing options...
Recommended Posts