Data protection issue - what would you do?

SPA EQUIPMENT & MACHINES ✅ Beauty Salon Supplier in the US
SalonGeek

Help Support SalonGeek:

This site may earn a commission from merchant affiliate links, including eBay, Amazon, and others.
KayaPapaya

KayaPapaya

Well-Known Member
Joined
Feb 29, 2012
Messages
1,754
Reaction score
15
Location
Hampshire
Hello geeks

A question for you. I went on to a popular trade website on Wednesday (never ordered from them before) but had set up an account a little while back.

Logged on using my email and password and was surprised to see Order History.

When I clicked on the link, I had full address/contact/phone/email details (but thankfully NOT bank details) of another person.

I emailed the company immediately and asked was this correct?! I waited. Yesterday (Thurs) I had a thank you for letting us know email - and we will look into it.

Today I logged on again, and I still have this information on my account. So emailed again with screenshots and mentioned I think they're breaching Data Protection laws for not having secure systems.

Anyway, I got a more speedy result this time, with we are urgently looking into it. But this information has been visible to me for 3 days now, and I'm not sure I would want to deal with this company! If I can see someone elses order history/address, who can see mine?!


Anyway, what would you do? Report them to who? The Information Commissioner? Or leave it?

It's a shame as I really want to buy something, but I'm not going to if anyone can see my details that's not me!
 
I would send them another email stating that you will be reporting them to the BBB (Better Business Bureau).... When people trust enough to put such personal details like their home address and contact information, the company needs to honor their customers privacy and not share it with a third party... I can imagine the shock if I had found out my personal details were in a strangers hands... Like I'm sure they could have at least removed it or lock her or his information untill they resolve it. And what if this is happening to others, I don't understand why did they get their details transferred to your account???
Baffled :/
 
I'm sure it's a system glitch but I don't feel happy passing on my bank/credit card details if there's a chance my details end up on this other lady's account!

They should have robust computer system that all account holder details are secure!
 
KayaPapaya said:
I'm sure it's a system glitch but I don't feel happy passing on my bank/credit card details if there's a chance my details end up on this other lady's account!

They should have robust computer system that all account holder details are secure!
Click to expand...

Is it the one you sent me a link to regarding some product the other day?
I would write the person who's details are visible a letter, I know if it were my details I would want to know about it and would be on my way to their head office straight away. Xoxo
 
Tomme said:
Is it the one you sent me a link to regarding some product the other day?
I would write the person who's details are visible a letter, I know if it were my details I would want to know about it and would be on my way to their head office straight away. Xoxo
Click to expand...

No, it's a different one.

I will write to their head office for sure. Not sure about contacting her though.

I'm just thankful I don't think I put my full details in the website. Just enough to register.
 
Tomme said:
Is it the one you sent me a link to regarding some product the other day?
I would write the person who's details are visible a letter, I know if it were my details I would want to know about it and would be on my way to their head office straight away. Xoxo
Click to expand...

I thought this too. I think you should contact the person. If it was you, you'd want to know.
This persons details may have been passed round and they could be getting tonnes of marketing calls and things because of it and not know why!

And well done for contacting the website and pushing it. It's really great that you didn't just ignore it :) xxx
 
Jigglyb4ll said:
I thought this too. I think you should contact the person. If it was you, you'd want to know.
This persons details may have been passed round and they could be getting tonnes of marketing calls and things because of it and not know why!

And well done for contacting the website and pushing it. It's really great that you didn't just ignore it :) xxx
Click to expand...

Good point. I know I definitely would want to know. But out of courtesy and because it's their computer problems, I would also expect the company to email/write all their customers to tell them there's been a data breach, but doubt that'll happen!

I'm glad there's no bank details on there, but I think they need to urgently review their security of their website. Wonder how many others can see details of not their account :(
 
As they didn't shut down their system to resolve the problem immediately, it seems rather complacent of them to just ignore it and carry on trading knowing they're exposing individual's information to anyone who registers for an account.

I'd be inclined to contact the Information Commissioner and report the breach. It's time some businesses started to take data protection issues seriously!
 
AcidPerm said:
As they didn't shut down their system to resolve the problem immediately, it seems rather complacent of them to just ignore it and carry on trading knowing they're exposing individual's information to anyone who registers for an account.

I'd be inclined to contact the Information Commissioner and report the breach. It's time some businesses started to take data protection issues seriously!
Click to expand...

Well quite. And lo-and-behold the information is still there. I can still buy if I want to. But where will my order go to? This lady or me? Who'll pay?

I did set up a dummy account yesterday and that was fine. But still :/

I've just looked and the other person's email is NOTHING in no-way anywhere near mine. We're geographically different ends of the country and our surnames/names are completely different.

It's really standard stuff surely for a website selling things to keep customer information confidential. Fundamentals of business I'd have thought.
 
AcidPerm said:
As they didn't shut down their system to resolve the problem immediately, it seems rather complacent of them to just ignore it and carry on trading knowing they're exposing individual's information to anyone who registers for an account.

I'd be inclined to contact the Information Commissioner and report the breach. It's time some businesses started to take data protection issues seriously!
Click to expand...

Agreed. I keep my paper record cards comfidential, and if details were on a pc I think I might be a bit nuts on the security. Wouldn't even have bank details but still needs super security.

As it happens my record cards are kept in a large cash tin, locked, and in my bag at all times. Can't help but remember when some of my details were handed out willy nilly and how angry/scared I was from what hands the details may have gotten into. Xoxo
 
True enough it's really basic stuff!

Obviously they're not that fussed otherwise my account would be suspended and sales stopped!
 
Information Commissioner forms are now downloaded and ready to go.

Was having second thoughts about reporting it, but the company is merrily promoting on Facebook and can't be bothered to sort this problem out.

Account details are still available to me. :(
 

Similar threads

P
Need to rant - rude client!
Replies
4
Views
2K
House Beauty
H
kengolding
Accidentally bought a salon
Replies
6
Views
4K
S15Beauty2022
S
vickiemurray
Extension hair - complaint
Replies
2
Views
1K
Angelhair111
A
L
Advice needed for a customer complaint
Replies
8
Views
2K
House Beauty
H
salonfrog
Supercuts
Replies
5
Views
1K
AcidPerm
A

Latest posts

Back
Top