We’d like to remind Forumites to please avoid political debate on the Forum.
This is to keep it a safe and useful space for MoneySaving discussions. Threads that are – or become – political in nature may be removed in line with the Forum’s rules. Thank you for your understanding.
Payslip, worried about identity theft
Hello all,
hope this is the right forum for this, please let me know if not and I can try to move it.
I’m looking for some advice regarding personal information leak with a payslip that was sent to the wrong email address. I’ve seen a few similar questions in the forums, but wanted to try and get some specific advice as the payslip also includes the National Insurance Number.
TL;DR: my wife accidentally sent her payslip to an unknown email recipient, now we’re worried about potential consequences and would like to know what we need to do to protect us from potential issues now and in the future.
So what happened is: my wife accidentally (auto-complete, email address saved in history) sent her payslip from her personal email account to an old WindowsLive.com email account that belonged to her sister. The trouble is that her sister hasn’t used that account since 2013 at the latest and can no longer access or recover it, as the old password is no longer accepted and the recovery email account partially shown in the relevant option is not hers. The email was delivered (i.e. did not get an “undelivered” notification), so this makes us think that the email account has been deleted due to inactivity and was subsequently recycled, i.e. now belongs to someone else. Or even worse, it has been hacked or spoofed, so it could now be controlled by a malicious person. We did send an email afterwards asking for the accidentally sent email to be deleted, but have had no response.
Our worst case assumption therefore is that her personal information (name, email address, current address, national insurance number, employer name and address, last 4 digits of her bank account) has now been compromised and we need to protect ourselves. What do we need to do to achieve that? What are the scenarios we need to be protected from? And, do we need to worry about this for ever, as things like name and National Insurance Number obviously stay the same and never change, so they’ll be “out there” forever?
So far we’ve done the following:
- notified her bank about this, they suggested CIFAS protective registration, there is nothing they can do at this point
- contacted Action Fraud, they suggested CIFAS too, as no actual fraud has occurred (yet, at least)
- checked credit reports on all agencies for anything suspicious (nothing yet)
- Added CIFAS protective registration for 2 years
- Set reminders to frequently check on credit reports for anything suspicious
- put a password via a notice of correction on her credit report in Experian, the rest to follow
Planning or thinking about doing the following too:
- perhaps put a lock or freeze on her credit reports too
- Sign up to a paid alert service that monitors credit reports
In the near future we are not planning on getting any sort of credit/loan/mortgage, so perhaps we won’t be disrupted much/at all by those measures. But still need some advice/reassurance that we’re doing the right things and we’re not missing something, or even making something worse.
Thanks to anyone that had the patience to read all this, any advice will be highly appreciated
Comments
-
Did you try to contact Microsoft to explain this and ask them if they can delete the email from their side? They will also be able to tell you if the email was opened or if the email is even in use.0
-
Putting this as bluntly as I can, this is a complete hysterical overreaction.stevat said:Hello all,
hope this is the right forum for this, please let me know if not and I can try to move it.
I’m looking for some advice regarding personal information leak with a payslip that was sent to the wrong email address. I’ve seen a few similar questions in the forums, but wanted to try and get some specific advice as the payslip also includes the National Insurance Number.
TL;DR: my wife accidentally sent her payslip to an unknown email recipient, now we’re worried about potential consequences and would like to know what we need to do to protect us from potential issues now and in the future.
So what happened is: my wife accidentally (auto-complete, email address saved in history) sent her payslip from her personal email account to an old WindowsLive.com email account that belonged to her sister. The trouble is that her sister hasn’t used that account since 2013 at the latest and can no longer access or recover it, as the old password is no longer accepted and the recovery email account partially shown in the relevant option is not hers. The email was delivered (i.e. did not get an “undelivered” notification), so this makes us think that the email account has been deleted due to inactivity and was subsequently recycled, i.e. now belongs to someone else. Or even worse, it has been hacked or spoofed, so it could now be controlled by a malicious person. We did send an email afterwards asking for the accidentally sent email to be deleted, but have had no response.
Our worst case assumption therefore is that her personal information (name, email address, current address, national insurance number, employer name and address, last 4 digits of her bank account) has now been compromised and we need to protect ourselves. What do we need to do to achieve that? What are the scenarios we need to be protected from? And, do we need to worry about this for ever, as things like name and National Insurance Number obviously stay the same and never change, so they’ll be “out there” forever?
So far we’ve done the following:
- notified her bank about this, they suggested CIFAS protective registration, there is nothing they can do at this point
- contacted Action Fraud, they suggested CIFAS too, as no actual fraud has occurred (yet, at least)
- checked credit reports on all agencies for anything suspicious (nothing yet)
- Added CIFAS protective registration for 2 years
- Set reminders to frequently check on credit reports for anything suspicious
- put a password via a notice of correction on her credit report in Experian, the rest to follow
Planning or thinking about doing the following too:
- perhaps put a lock or freeze on her credit reports too
- Sign up to a paid alert service that monitors credit reports
In the near future we are not planning on getting any sort of credit/loan/mortgage, so perhaps we won’t be disrupted much/at all by those measures. But still need some advice/reassurance that we’re doing the right things and we’re not missing something, or even making something worse.
Thanks to anyone that had the patience to read all this, any advice will be highly appreciated
WindowsLive/Outlook does not allow emails to be reused, it does not send undeliverable messages and is is highly improbable anyone is using that email.
The theoretical risk of anything happening is only slightly over zero, if anything it will not be other people applying in her name, it will be phishing for card details which can be rendered in effective by basic common sense.7 -
I agree with Matt that there is little risk. I would suggest that you should keep an eye on credit reports to see if anything new pops up - but we all should be doing that as a matter of course. Maybe if she's got a gov.uk gateway account for tax etc. she change the password to something wildly random as the NI number would be a useful thing for a scammer - not that I think a scammer could actually intercept this. Everything else is easily available to anyone really from public records.Uriziel said:
@Uriziel - I wouldn't expect Microsoft to engage with the OP or wife as it's not either of their accounts. If the sister contacted them something might happen but otherwise it would be a data breach to accept instructions from someone who is not the account holder.Did you try to contact Microsoft to explain this and ask them if they can delete the email from their side? They will also be able to tell you if the email was opened or if the email is even in use.I’m a Forum Ambassador and I support the Forum Team on Debt Free Wannabe, Old Style Money Saving and Pensions boards. If you need any help on these boards, do let me know. Please note that Ambassadors are not moderators. Any posts you spot in breach of the Forum Rules should be reported via the report button, or by emailing forumteam@moneysavingexpert.com. All views are my own and not the official line of MoneySavingExpert.
Click on this link for a Statement of Accounts that can be posted on the DebtFree Wannabe board: https://lemonfool.co.uk/financecalculators/soa.php
Check your state pension on: Check your State Pension forecast - GOV.UK
"Never retract, never explain, never apologise; get things done and let them howl.” Nellie McClung
⭐️🏅😇🏅🏅🏅🏅0 -
I agree with @MattMattMattUK a completely unnecessary overreaction about an email that is now sitting either on a server unable to be delivered or in an old inbox that will never be accessed again.
You've wasted a lot of your time and if you have paid for anything, your money too.
Action Fraud must be rolling on the floor in hysterics if not angry at the waste of their time too.
0 -
Thanks all for your input so far, much appreciated!
@Uriziel we didn't really think about that, but like @Brie said, it is unlikely they'd be able/willing to act (e.g. delete an email or even provide information) about an account that presumably belongs to someone else now. Still, perhaps worth asking the question via the sister just in case the account is still hers somehow.
@MattMattMattUK we really hope you're right. There is no concrete official information from Microsoft on this though; it looks like they no longer recycle email addresses, but anecdotal evidence suggests this practice was happening in the past and possibly stopped around 2018. Last time this email account was accessed by my wife's sister was back in 2013 or thereabouts, so it's conceivable (not sure how likely though) that the account belongs to someone else now. And as for undeliverable emails, I just sent an email to a wildly random WindowsLive email address and it immediately came back as undeliverable. This makes us think that the sister's old email account is still receiving emails.
@Brie, my wife does have an account on gov.uk, so good idea to make sure it's changed (although she typically uses strong passwords). And it's also MFA protected, needs to be sent a code via text to login every time.
Yes, it's the NI that we're mostly worried about and trying to understand how it could pose a risk for her, assuming it's leaked. Do scams tend to happen while the data leak is fresh, or is this something we should always be concerned about?
(and yes, being vigilant with credit reports, scams etc. is something we should all be doing)
0 -
I would keep an eye on credit file but I absolutely wouldn't be worrying about the use of a national insurance number specifically.Indecision is the key to flexibility
0 -
As per all the responses above, the chance of this mail ever being read by another human being is close to zero, but even if someone did receive / read your wife's payslip, try to appreciate what an infinitesimally small percentage of recipients would even think to try and use these details for fraud.
I can think of at least 20-30 companies that have my Name, address, and NI Number, quite a few of which which have had data leaks reported in the past.
Would you be panicing to the same extent if your wife's payslip had been posted to an old (or incorrect) physical address and start moving house and ringing the tax office?• The rich buy assets.
• The poor only have expenses.
• The middle class buy liabilities they think are assets.2 -
Thanks all for your input, much appreciated. Fingers crossed nothing weird happens0
Confirm your email address to Create Threads and Reply
Categories
- All Categories
- 354.2K Banking & Borrowing
- 254.3K Reduce Debt & Boost Income
- 455.3K Spending & Discounts
- 247.2K Work, Benefits & Business
- 603.8K Mortgages, Homes & Bills
- 178.4K Life & Family
- 261.3K Travel & Transport
- 1.5M Hobbies & Leisure
- 16.1K Discuss & Feedback
- 37.7K Read-Only Boards