NOW OPEN: the MSE Forum 'Ask An Expert' event. This time we'd like your questions on TRAVEL & HOLIDAY DEALS. Post by Wed and deals expert MSE Oli will answer as many as he can.
The Hack Letter from mobiles.co.uk
36 replies 7.9K views
This discussion has been closed.
Latest MSE News and Guides
Energy Price Cap change
Martin Lewis on what it means for youMSE News
Best £1 you've ever spent?
Share your most impressive bargainsMSE Forum
New MSE Forum avatars available
Try 'em out nowMSE Forum
It was set up in 1995 as MEAUJO and CPW acquired it in 2007 I don't what ? Yes it is and the seller is another entity, as already established, which is why it's nothing to do with the Network for liability.
Talkmobile is an mvno on Vodafone, recently sold by CPW to Vodafone.
iD mobile is an mvno on Three
Fresh was on T-Mobile, closed down
In the past, O2 contract customers direct and those via Carphone Warehouse might find slight differences in some tariffs and inclusive calls.
Carphone Warehouse customer? Protect yourself after data breach
Click reply below to discuss. If you haven’t already, join the forum to reply. If you aren’t sure how it all works, read our New to Forum? Intro Guide.
What use is that going to do? I'm surprised they're still being suggested as the first port of call for such things....
-o I am humble -o You are attention seeking -o She is Nadine Dorries
Why would I need to know Silk's pedigree before I responded to a post designed to discourage CPW customers from threatening to cancel their contracts? And why is his most recent post aimed at splitting further hairs about who actually launched mobiles.co.uk before CPW took them over? Fact is that Silk chose to use language belittling mobiles.co.uk i.e. to suggest that they were an insignificant "third party" - "some sales company". The tone of the post suggested an agenda. Maybe it has something to do with the reputations of Networks with a capital "N"?
Silk is one word used to describe a barrister at law. Are we to suppose Silk is a real life barrister and if so, what sort of cases does Silk take on and for whom?
Silk was as good as telling the nation that the upshot of all this is not something we can complain about to the mobile phone industry in general, for example by trying to assert rights to cancel contracts arranged negligently via CPW as agents for the airtime networks. Why not? Just because silk says so and uses lower case to dismiss "some sales company" and upper case for the "Network" in the same way I always use upper case for God and for England?
Of course we can assert those rights to cancel - the mobile phone industry has enjoyed unfettered access to CRA data for far too long and now we have a massive reminder of how badly they and their chums have been protecting it. If a network wants to let an agent handle sign ups, then they can't simply wash their hands of the complaints about those contracts and the way personal data was mishandled by their agents.
And if a player as big as CPW can make such a c¤ck-up, just think how flakey security must be with all the other players - that's both the networks and middlemen. Our personal data has been spread all over the planet in the name of these businesses - until 5th August, we just didn't realise quite how much of it they were storing and how vulnerable that makes each of us.
I always thought it was slightly odd that I could walk into a CPW shop in South London in 2012 or 2013 or 2014 or 2015 or indeed any year since the year dot it seems, and CPW staff at the desk could look up old records of a phone contract I bought from them in Cambridge 20 years ago with a number that was after 12 months handled directly by BT Cellnet and which I stopped using 15 years ago attaching to an address I stopped living at 12 years ago. Why do they keep data like that so long or at all once they've lost the business? MSE report that 2.4 million people are affected by the security breach. I would hazard that CPW expanded so rapidly that if it has kept personal data for decades like it kept mine even though I wasn't a customer for long intervening periods, then that 2.4 million figure is just a rather low estimate - is it perhaps the number of current customers affected rather than the number affected who have ever been a customer? Mobiles.co.uk was operating as a division of CPW. How much personal data has crossed the divide over the years between divisions? Customer service departments in the separate divisions have been very fond of telling customers that they can't deal with (or see) the contracts arranged with other CPW divisions e.g. when I had a landline contract with TalkTalk, they couldn't access or deal with my TalkMobile account and were always anxious to explain that the "companies" were separate. But behind the scenes, what "synergies" in data handling have they actually exploited and left holes in our security as a result?
I don't care what you think - it doesn't count for much when you deliberately stand in the way of right thinking. Actually I do care what you think - you are as good as saying that vulnerable customers should remain blissfully ignorant of the risks they have been so carelessly exposed to by major corporates.
Your use of the word crusade is a deliberate insult, typically used by corporate culture ingrained flunkeys against those who take personal risks to try to expose bad culture and bad industry habits.
In fact your latest rant not only continues to display a complete lack of basic knowledge of Englsh law but ludicrous swipes at Silk's username and utter paranoia even to the assumed ridiclous reason for this thread. I won' even bother with the personal insults, which are in keeping with a baseline of total ignorance
Talk of cancelling mobile contracts is ill-judged - it will not happen (unless your contract is with the same company that sold it, which to my knowledge, is not possible, unless you had a contract for o2 from the dark old days when CPW handled the contracts). Talktalk customers may have a glimmer of hope, but I doubt it.
I can recall that their site kept rejecting my card, so for my wife's phone I think I tried about 4 cards - that was in October 14. Is there any concern that the credit card data's encryption key was stolen?
Any advice welcome as this is stressing me out!
I think we should start a website WhichCompaniesLostData.com
Keep an eye on your bank account and check your external credit files now and then. Never give out any personal information on unsolicited phone calls (it could provide the information they haven't got). You could change all your accounts, but since fraud comes at an unpredictable time and from an unknown source you can't avoid all potential incidents.
Even if something untoward occurs on your account it could happen in a year's time and may or may not be down to this particukar breach; that is something you're highly unlikely to ever find out should that happen.
jnm21 is right - CPW should be forced into full disclosure of the extent of the exposure. One way for us to help it along would be if they started receiving flack from a significant body of insistent customers demanding the right to cancel and to walk away from existing contracts arranged by CPW. The networks should be told by their disgruntled customers that it is not a customer problem to shoulder, and that the networks should hold their airtime sales agent to account.
One way for the government to get with the program on Data Protection would be to use this massive breach as an example where ICO actually pursues CPW vigorously for the breaches of DPA described.
I haven't looked at EU Product Liability and EU Data Protection law for a long time, but one old theme is that if a customer is damaged by a product or service they've bought, the customer doesn't only have single recourse to the person that sold it. Sometimes it is useful to be able to do that, but meantime in this instance it may be useful to aim the criticism at the "involved" networks and claim the right to cancel due to negligent handling of personal data in relation to the conduct of the contract, and then let the network argue their loss with their sales and data handling agent (CPW?). If enough people complain in this way then existing law is no barrier to right-thinking.
Always an interesting angle when initial contracts involve large (>£100) initial credit card payments is the possibility of some CCA Section 75 protection but I think that might only extend to a remedy for non-performance of a service contract as opposed to damage caused by a faulty service e.g. a service which negligently stores personal data which is then hacked too easily.
Reforming the law with regard to the types of personal data risk we are all now so expert at managing or advising upon (or dismissing) has been testing many real expert minds for some time now. Reform is long overdue. The last major EU law reform in this area was in 1995.
There was already very important law-making/law reform discussion going on in Europe right now under the heading of General Data Protection Regulation (GDPR).
Breaches like this may (perhaps inside 2 years now) become punishable by fines of up to 5% of annual turnover, and not a day too soon if you ask me. But if you ask others, then there's nothing you can do except be like them i.e. not stressed (until someone questions their apathy) and not strange :rotfl: