Quotemehappy? No, I'm furious: Insurance site loses customer details Aviva-owned online-only insurance business Quotemehappy.com has informed customers that there has been a data breach at its website. Quotemehappy announced that it had "recently" lost a "small number" of customers' details, comprising "vehicle registration, email address, mobile number, landline number and address." An email …
Quotemehappy.com has identified an incident where a small percentage of customers were able to see another customer’s contact details, such as name, address and telephone number, when they logged into their account.
These details could not be changed and no sensitive, personal or financial, information could be viewed or accessed.
The issue has now been fully resolved and we have contacted all impacted customers to explain the situation and have notified the FCA and the ICO.
------------------
And I hope both the ICO and FCA smacks these muppets upside the head.
You can see the details but not view them? Notwithstanding this invention called writing that can be used, you know to write stuff down. You know...access?
Telephone numbers and addresses with names...that's bad enough but to make a statement like that is justification enough to stand, point and laugh at these idiots.
"were able to see another customer’s contact details, such as name, address and telephone number,...no sensitive, personal or financial, information could be viewed"
So name, address and telephone number aren't sensitive now? These could be used to obtain other sensitive things like Date of Birth and more through all manner of routes e.g. insufficiently protected social media accounts (yes, I know!), social engineering contact and the like.
If you think some kinds of personal information aren't sensitive then it's no wonder these breaches happen. Hell, even anonymised data can be de-anonymised by a determined crim or $MEGACORP. *ALL* personal information is sensitive and should be protected as such.
An ICO spokesperson said: “We’re aware of an incident involving Aviva and are making enquiries.”
As I've said before, I bet the Chocolate fire guard department are positively melting at the thought of "making enquiries" and giving some company a light tap on the wrist. Since the ICO will simply tell Aviva not to use the data breach again in its current form (in about 2 years time) perhaps the ICO was merged with the ASA and we all missed the memo?
I'm just glad they said no personal information was lost like you know, name, address, telephone number. Things that basically can be used to get other information for identity theft.....
Who is the bigger fool? The fool or the fool who believes the fool or even the fool who foolish allows the fool to fool knowing full well they are being taken for a fool or the fool that believes anything will be done about this and other breaches or anything will ever change.
According to Aviva the data isn't sensitive, may I suggest this and all future such breaches be punished by making exactly the same data, belonging to senior execs, available to the public on the sites homepage for at least 12 months. Bet they sort their security out then.
It might not be on their homepage, but the majority of the leaked information here for the Execs is already in the public domain. Check out Companies House, then check the FCA and PRA for financial services companies. Other regulated industries have similar websites.
So as well as getting companies secured, we need to get the government secured
At least they're offering some form of protection for those affected.
Both I and my partner have had our details stolen twice (by employees) from Aviva whilst we had car policies with them, because we each reported an incident (not a claim) as required to under terms of the policy.
In each case Aviva denied any data breach when I contacted them after we received multiple "you've had an accident" calls from firms claiming to represent Aviva. Each time I later received a letter from them admitting that employees had in fact stolen and sold our data. After the first breach they claimed that they had dramatically improved internal security, yet they still failed to catch the second (a manager) for some time: http://www.bbc.co.uk/news/business-34544659
To date the only redress they have offered any of the customers affected (to my knowledge) is £25 costs to one who changed telephone numbers after being plagued with spam calls.
5 years on from the first breach, we still get the odd spam call from this although I've moved to a fairly "aggressive" handling strategy that is dealing with the last few.
It'll be a cold day in hell before either of us ever trust Aviva with any form of personal data again.
I'm with Quote Me Happy for at least a couple more months, I havent received any email from them yet.
Moved the missus to M&S premium car insurance a few weeks ago... over £200 cheaper than the renewal from her current provider with better cover, lower excess, it was still about 130 cheaper than QMH too, oh it came with really silly rac breakdown cover too as an added bonus
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
