Experian – an eye opener.

[Robin GrahamParticipant @robingraham42208]

A couple of months or so ago my pension provider sent me a letter saying that there had had been a data breach at Capita, who they had unwisely trusted to manage their (my) data. Private Eye calls them Crapita with good reason. All my personal details are now out in the wild in a collated form it seems.

As some sort of recompense I was given a subscription to Experian's premium service which tracks requests, eg for opening a new bank account or more generally enabling new financial activity.

It's surprising and a bit scary. I get emails from Experian detailing requests from companies I've never dealt with or even heard of. I suppose it's the selling of data – I do buy a lot of stuff over the internet.

I post on this forum under my real name. Maybe that's unwise. If so, that's sad.

Rabbie Graeme.

[Robin GrahamParticipant @robingraham42208]

[peak4Participant @peak4]

I've just been given a similar free subscription to the same service for a year.
In my case, because one of Tesco bank's print suppliers had been hacked.
No personal banking details were obtained, so probably just name and address etc, but could potentially be used for fraudsters to apply for credit in my name.

On similar lines, have a look at This Site to check your email for known data breaches.
https://haveibeenpwned.com/

Google's own password check is handy too.

Bill

[Ady1Participant @ady1]

There's a lot more phone authentication stuff going on nowadays

I've been lucky insofar that my passcodes mobile is an old pay as you go texts only job which seems to go on forever as long as you top it up once a year

My virgin mobile data sim dropped dead this month after the O2 merger which meant the phone number went down the toilet. Banking. Credit card Ebay etc would all be unobtainable if I'd used it as a mobile phone.

So I dodged one bullet but no doubt technology will produce lots more in the coming years

[Kiwi BlokeParticipant @kiwibloke62605]

When there are major breaches like this, do the outfits that you believe are keeping your private information secure get beaten up by the law? It seems to me that they just shrug their shoulders, and are allowed to carry on. There's a small rebellion against being pushed to do everything online, (probably mainly old geezers without smart 'phones, and being difficult by refusing to use online 'services&#39, but it's so small at present, and not arganised, that we must accept that our privacy and security are no longer respected, or considered important. And we're considered difficult…

[Andy_HParticipant @andy_h]

Posted by Robin Graham on 28/07/2023 00:40:13:

I post on this forum under my real name. Maybe that's unwise. If so, that's sad.

When I originally created my account I filled in my name thinking there would then be the option of defining a "screen name". There wasn't so I edited my profile to how I would want my posts to appear (i.e. not real name). Although those changes saved my posts still appear with the original details I registered with. Not good!

Andy

[derek hall 1Participant @derekhall1]

Hi Robin, a pension I have is also with capita, and I too got the email. I also joined for free, Experian.

Fortunately I dont get bombarded with emails from Experian, so although my data may have been compromised so far it appears not to have been used by the criminal filth.

As for taking responsibility, I agree with Kiwi Bloke, capita will just carry on as there is no punishment. I think if anyone has lost money then they should be reimbursed. Maybe all those affected should get some compensation other than a free years subscription to Experian.

[An OtherParticipant @another21905]

I had a similar issue with posting, and with unnecessary abuse on this site under my real name some years ago, so I simply stopped using the original account, established a new e-mail address, and started another account under a pseudonym. The original posts still exist, but at least the problem is not getting any bigger.

I never 'register' with any online site under my real name, unless its absolutely necessary.

[Bo’sunParticipant @bosun58570]

Posted by Robin Graham on 28/07/2023 00:40:13:

A couple of months or so ago my pension provider sent me a letter saying that there had had been a data breach at Capita, who they had unwisely trusted to manage their (my) data. Private Eye calls them Crapita with good reason. All my personal details are now out in the wild in a collated form it seems.

Rabbie Graeme.

CRAPITA, what an apt name. They are absolutely hopeless, but that's what you get when the service is cheap. I guess that's why organisations farm out their admin to them.

It worries me, because my company pension is administered by Crapita. They also looked after some financial stuff when I worked for Essex County Council. Boy, what a shower.

[Michael GilliganParticipant @michaelgilligan61133]

… and yet: **LINK**

https://www.capita.com/news

MichaelG.

[BazyleParticipant @bazyle]

So now Experian have permission to access all your details. Did any part of the registration involve passing over credit card or bank details, though maybe they have that as part of the info handed to them by Capita. Prepare for sudden unexpected charges at the end of the free period.

[SillyOldDufferModerator @sillyoldduffer]

Posted by Andy Heron on 28/07/2023 07:59:05:

Posted by Robin Graham on 28/07/2023 00:40:13:

I post on this forum under my real name. Maybe that's unwise. If so, that's sad.

When I originally created my account I filled in my name thinking there would then be the option of defining a "screen name". There wasn't so I edited my profile to how I would want my posts to appear (i.e. not real name). Although those changes saved my posts still appear with the original details I registered with. Not good!

Andy

I think the forum does what you need Andy.

Login, and select 'Settings' from top left in the Green Bar running across the screen top

This opens the 'My Details' dialogue. Click on 'My Profile'.

This allows a Nickname to be entered. Try it and see what happens: I think all your posts, past, present and future, will be tagged with the Nickname not your real name.

Dave

[Andy_HParticipant @andy_h]

Posted by SillyOldDuffer on 28/07/2023 10:27:50:

I think the forum does what you need Andy.

Many thanks – I completely missed that – now sorted.

Andy

[Michael GilliganParticipant @michaelgilligan61133]

I think this is best asked here, rather than on one of the several threads about Scams.

An open question to any clever data-processor …

How would this be expected to help ?

“PayPal is committed to preventing fraudulent emails. Emails from PayPal will always contain your full name.”

MichaelG.

[Frances IoMParticipant @francesiom58905]

because it prevents bulk mailings of the form Dear Sir or similar – one obvious technique that used to be useful was to invent a second initial as a middle name using a different letter for each major login so that was easy to track where unwanted email had come from

[Michael GilliganParticipant @michaelgilligan61133]

Thanks, Frances … but I admit to remaining less than entirely convinced

My immediate reaction was to think that PayPal has now clearly coupled my ‘full name’ with my eMail address … to the benefit of any data-trawling ‘bot that might be digging-around in the eMail system.

Paranoid … Moi ?! [as Miss Piggy might exclaim]

MichaelG.

[SillyOldDufferModerator @sillyoldduffer]

Posted by Michael Gilligan on 29/07/2023 08:07:24:

Thanks, Frances … but I admit to remaining less than entirely convinced

My immediate reaction was to think that PayPal has now clearly coupled my ‘full name’ with my eMail address … to the benefit of any data-trawling ‘bot that might be digging-around in the eMail system.

Paranoid … Moi ?! [as Miss Piggy might exclaim]

MichaelG.

A classic illustration of why security is difficult. Using the 'full-name' provides a temporary improvement by releasing information that can be noted and exploited later.

Security a constant battle between the bad guys looking for new ways of breaking in whilst the good guys look for new ways of stopping them. This often leads to long sequences of measure, counter-measure, and counter-counter measure, of which this is an example. Like as not PayPal are already thinking about improvements.

Meanwhile, everyone should be aware that being addressed by their full-name doesn't guarantee anything.

Paranoia never helps. My advice is don't be naive on the internet. Minimise the amount of personal information released. Doesn't provide impregnable security but it takes much longer for the bad guys to collect enough information to mount an effective attack. The folk who blab everything on Facebook, Twitter, et al, are much easier, and quite often belong to a family that does the same. They're a softer target.

Capita are in a different league. Very serious when a financial organisation is hacked, because deeply private information can end up in the wrong hands. If it does the victims are pretty much on their own. Capita, who have a reputation, will no doubt be fined the maximum by the Information Commissioner (about £20M), but the money is small beer. (The maximum fine allowed is set by government, I think it should be much bigger.)

Despite their failure, the firm continues to be awarded major contracts by firms and public bodies keen to reduce the cost of pension admin and other services. In my view it is irresponsible to give Capita new work whilst an incident like this in ongoing, but hey, it saves money!

I'm in favour of leaders being held accountable, which rarely happens in the UK. The best way to hold Capita's feet to the fire is probably to join the Class Action. Apart from making Capita more accountable, I think this is the only way an individual victim can get recompense.

Dave

[Author]

Posts