The Plusnet data breach that was revealed in September 2018 was another example of a system update that went horribly wrong.
During the process of the internet provider updating its billing system, a data breach incident occurred. The issue led to a number of customers being able to view the personal data for other customers instead of their own.
The Plusnet data breach is practically the same as the huge TSB bank software issue from earlier this year. When they updated their systems, customers were able to see the banking details for other customer. Some were even able to transfer money and make payments.
How the Plusnet data breach happened
The Plusnet data breach reportedly occurred when the telecoms and internet services provider upgraded their billing system. Upgrading systems can often be useful for data protection purposes, but when things go wrong, upgrades can also lead to data breaches.
In the breach, some customers were able to see the personal contact information of other customers. Those people whose information was visible are essentially subject to a data breach without even knowing it.
We assume Plusnet will have done the right thing and will have contacted those whose information was exposed. Given that the breach took place in the post-GDPR era, they are compelled to inform victims of a breach as soon as possible.
ICO informed of the Plusnet data breach
The ICO (Information Commissioner’s Office) is reportedly aware of the Plusnet data breach. in a statement, the company said:
“We’d like to reassure all our customers that we immediately prevented access to the My Account section of the website and we quickly fixed the problem.”
Is data protection being taken seriously?
We really are blogging all the time about new breaches. The Plusnet data breach has taken place during a software upgrade, which is a period when data protection needs to be at the forefront of any organisation’s mind.
Upgrades can cause problems. One of the first considerations that needs to be addressed is how companies can ensure that data is always fully protected.
When companies are handling the personal and sensitive data for (in some cases) millions of individuals, they must ensure it is handled safely and correctly.
The Plusnet data breach may well be another example of a clearly preventable breach.
Do data breach victims have legal rights to claim?
Data breach victims are entitled to legal redress. You can find out more about how this works on our information page here.