Domestic & General Data Breach

sir_shad
sir_shad Posts: 35 Forumite
Fifth Anniversary 10 Posts
in Consumer rights
Hello, i'm not sure if this is the right forum for this post. I've just logged into my Domestic and General account and on my Dashboard where you can usually see all the appliances / plans you have with them, I can see many other active plans. When i click into them, i can download the plan documents which give me names, addresses, bank account holder name, last 4 digits of bank account number, sort code, bank name. This to me seems like a serious data breach. I called them and they said they are working on an issue but apparently nobody else can see my plans. I do not believe that.  I can see at least 7 plans for other customers which are not my plans and i can see all of their data for the aforementioned areas. Is there a regulator i can complain to? Not sure what the process here would be. 

Comments

  • The_Money_Saver_2
    The_Money_Saver_2 Posts: 69 Forumite
    Part of the Furniture 10 Posts Combo Breaker
    I had similar experience yesterday when I logged into my account. Seemed my account had been merged and I had access to 35 other policies including name and address, dates of birth and bank account details. I called D&G and said they’d investigate and call me back. I checked the ICO procedure and it seems to suggest you must allow D&G to investigate and respond before escalating. 
  • DullGreyGuy
    DullGreyGuy Posts: 17,185 Forumite
    10,000 Posts Second Anniversary Name Dropper
    eskbanker said:
    sir_shad said:
    Is there a regulator i can complain to? Not sure what the process here would be. 
    You can forward your complaint to the Information Commissioner's Office, who are responsible for data protection matters within the UK.
    ICO is the escalation point @eskbanker, you have to give the organisation themselves time to deal with the complaint before you can go to the ICO. Any material breach the organisation themselves have to report to the ICO with their action plans and the ICO then decide what level of oversight they want
  • eskbanker
    eskbanker Posts: 36,441 Forumite
    Part of the Furniture 10,000 Posts Name Dropper Photogenic
    DullGreyGuy said:
    eskbanker said:
    sir_shad said:
    Is there a regulator i can complain to? Not sure what the process here would be. 
    You can forward your complaint to the Information Commissioner's Office, who are responsible for data protection matters within the UK.
    ICO is the escalation point @eskbanker, you have to give the organisation themselves time to deal with the complaint before you can go to the ICO. Any material breach the organisation themselves have to report to the ICO with their action plans and the ICO then decide what level of oversight they want
    Yes, I should perhaps have expanded on 'forwarding' a complaint to be clearer that it's forwarding an existing complaint, i.e. the one made to the organisation itself, rather than the ICO being the first port of call:

    What you'll need

    You'll need:

    • a copy of the complaint you have made to the organisation about how they have used your information [...]
    https://ico.org.uk/make-a-complaint/data-protection-complaints/data-protection-complaints/
Meet your Ambassadors

🚀 Getting Started

Hi new member!

Our Getting Started Guide will help you get the most out of the Forum

Categories

  • All Categories
  • 349.7K Banking & Borrowing
  • 252.6K Reduce Debt & Boost Income
  • 452.9K Spending & Discounts
  • 242.7K Work, Benefits & Business
  • 619.4K Mortgages, Homes & Bills
  • 176.3K Life & Family
  • 255.6K Travel & Transport
  • 1.5M Hobbies & Leisure
  • 16.1K Discuss & Feedback
  • 15.1K Coronavirus Support Boards

Is this how you want to be seen?

We see you are using a default avatar. It takes only a few seconds to pick a picture.
Update Your Picture