BT under ICO investigation after mass data exposure incident
Send to Kindle
THE UK Information Commissioner's Office (ICO) is following up on reports that a series of mistakes at BT exposed a lot of people's personal data.
According to The Register, a whistleblower shared details regarding a number of gaffes that cumulatively paint a rather bad picture of email operations at the firm.
The story's sources spoke of poor security procedures at Critical Path, a white label email product chosen by the firm as an alternative to Yahoo mail.
Sources talked of a series of incidents such as a large number of users' details being exposed during a data migration, and the alleged logging of usernames and passwords.
"[The] careless implementation of security safeguards [was] affecting the privacy of BT internet mail users," said one source.
The Information Commissioner's Office has picked up on this, and so has BT. The ICO told us that it spoke with the firm last week and is still seeking a resolution.
"On 13 March 2014 we wrote to BT with a number of questions," said an ICO spokesperson. "Our enquiries into this matter are still ongoing and no conclusions have yet been reached."
BT confirmed this in a statement to The INQUIRER. It said that the ICO is assessing the security of BT Mail, a service provided by the company once known as Critical Path.
"BT takes the security of all products very seriously and, in the process of developing new services with partners, we rigorously audit and test for security, and fix any identified issues before going into live service," said a spokesperson.
"We believe this unverified assessment of BT Mail relates to an issue identified and fixed as part of our normal testing and development process." µ