📨 Have you signed up to the Forum's new Email Digest yet? Get a selection of trending threads sent straight to your inbox daily, weekly or monthly!

POP telecom - security

sailor_girl
sailor_girl Posts: 5 Forumite
First Post
in Consumer rights
I am concerned that I received a user name AND password in the same email from POP telecom, this doesn't seem very secure to me. I logged on expecting to get a message to change my password straightaway but I didn't and although I hunted around I could not see any way to change it, except for the Invoices portal. Surely this means that anyone in the company could mess around with my account. Is this a GDPR issue?

Comments

  • Aylesbury_Duck
    Aylesbury_Duck Posts: 15,731 Forumite
    Part of the Furniture 10,000 Posts Name Dropper
    sailor_girl said:
    I am concerned that I received a user name AND password in the same email from POP telecom, this doesn't seem very secure to me. I logged on expecting to get a message to change my password straightaway but I didn't and although I hunted around I could not see any way to change it, except for the Invoices portal. Surely this means that anyone in the company could mess around with my account. Is this a GDPR issue?
    Wouldn't that be the case even if your user name and password had been sent in separate emails?

    If you're concerned about their security, move your account elsewhere.  I presume you're in a cooling-off period?
  • powerful_Rogue
    powerful_Rogue Posts: 8,399 Forumite
    Part of the Furniture 1,000 Posts Name Dropper
    Didn't you post the other day about cancelling your direct debit to cancel the contract? For some reason the thread has vanished.
  • sailor_girl
    sailor_girl Posts: 5 Forumite
    First Post
    Yes I have cancelled my contract, although they are still trying to bill me for phone calls I supposedly made after that date (and while I was 300 miles away!) 
  • eskbanker
    eskbanker Posts: 37,511 Forumite
    Part of the Furniture 10,000 Posts Name Dropper Photogenic
    sailor_girl said:
    Surely this means that anyone in the company could mess around with my account. Is this a GDPR issue?
    There will inevitably be many people within organisations like that with access to your account, so including login credentials within an email is unlikely to weaken data security within the company, but potentially exposes some additional risk during transmission if interception is a possibility.  The ICO's advisory guidance suggests not sending passwords by email but that doesn't in itself mean that there's any actual breach of the legislation, never mind an actionable one:
    Do not send passwords over email, even if they are temporary – use one time links
    https://ico.org.uk/for-organisations/uk-gdpr-guidance-and-resources/security/a-guide-to-data-security/passwords-in-online-services/
  • sailor_girl
    sailor_girl Posts: 5 Forumite
    First Post
    Thanks.

    It just confirms my opinion that they probably don't know what they are doing. 
    Every time I phone them up they don't seem to know what I am talking about when I mention my problem, I have to explain myself all over again and they always seem surprised, so I am guessing they don't make proper notes of calls either. 
Meet your Ambassadors

🚀 Getting Started

Hi new member!

Our Getting Started Guide will help you get the most out of the Forum

Categories

  • All Categories
  • 351.3K Banking & Borrowing
  • 253.2K Reduce Debt & Boost Income
  • 453.7K Spending & Discounts
  • 244.3K Work, Benefits & Business
  • 599.5K Mortgages, Homes & Bills
  • 177.1K Life & Family
  • 257.8K Travel & Transport
  • 1.5M Hobbies & Leisure
  • 16.2K Discuss & Feedback
  • 37.6K Read-Only Boards

Is this how you want to be seen?

We see you are using a default avatar. It takes only a few seconds to pick a picture.
Update Your Picture