Your data was 'taken without permission', customers told, after personal info accessed in O2 UK partner's database

Hackers have slurped biz comms customers' data from a database run by one of O2's largest UK partners. In an email sent to its customers, the partner, Aerial Direct, said that an unauthorised third party had been able to access customer data on 26 February through an external backup database, which included personal …

  1. rndSheeple

    6 years past customers names and birth dates etc... nice

    I am quite sure that as it was a "backup" they never harassed (marketed?) their ex customers and just kept this for the sheer joy?

    Even though I am not blighty based I would wager 30% of my right testicle that they will not get fined for GDPR breach due to backups being difficult to access and partially delete afterwards. Except for the magical hackers who just got access passing all the difficult bits by with a wave of the black hat.

    1. robidy Bronze badge

      Re: 6 years past customers names and birth dates etc... nice

      Congratulations, your right testicle is now 25% bigger (HMRC have taxed your stake)

    2. Anonymous Coward

      Re: 6 years past customers names and birth dates etc... nice

      Yeah, thankfully, IIRC I left 7 years ago. So hoping my info ain't in there. No doubt some other leak has it, but not this one.

  2. tfewster Silver badge
    Facepalm

    Yeah, yeah

    Another copy-pasted statement* in response to a breach. If only they had spent as much time Googling "security" before the event as they did finding the Excuse Database afterwards...NSFW

    *At least they didn't include the lie that "security is paramount".

  3. Anonymous Coward

    with assistance from experts

    Call me cynical but if they employed experts in the first place while setting these up these databases up in the first place they wouldn't have these problems. It could also solve replications and duplication issues.

    1. Norman Nescio

      Re: with assistance from experts

      Call me cynical but if they employed experts in the first place while setting these up these databases up in the first place they wouldn't have these problems. It could also solve replications and duplication issues.

      Cynical, the Muphry is strong here.

    2. DavCrav Silver badge

      Re: with assistance from experts

      "[...] in the first place [...] these up these databases up in the first place [...] It could also solve replications and duplication issues."

      I cannot decide if I prefer that to be intentional or unintentional.

      1. Anonymous Coward

        Re: with assistance from experts

        It was intentionally unintentional, hope that clears it up.

      2. Justin Case

        Mother Brown (to the tune of)

        These up, these up

        Don't get the breeze up

        These up Mother Brown

  4. HildyJ Silver badge
    Facepalm

    No further comment

    While I'm not into testicle bets, I suspect that the statements they've made are all that they're going to say about it.

    I also suspect that the 'hacking' involved someone finding an unencrypted file on an unprotected server.

  5. Doctor Syntax Silver badge

    "a full investigation to determine what happened "

    Somehow I suspect it might be more a case of what didn't happen. Some little thing like securing the backup.

  6. Pascal Monett Silver badge

    "able to access customer data on 26 February through an external backup database"

    Um, one question : how is it that a "backup" database was accessible through the Web ?

    It is child's play for an experienced, competent administrator to firewall any part of his network from the Internet if he has the funding and the will of the Board. The fact that the backup was "external" changes nothing. Am I to understand that the admin in charge did not have those elements, or that he is incompetent ? Which is it ?

    1. A.P. Veening Silver badge

      Re: "able to access customer data on 26 February through an external backup database"

      Which is it ?

      The board wasn't willing to spend the money, so now the board gets to pay manifold in fines next to the necessary spending on security.

      1. The Dogs Meevonks

        Re: "able to access customer data on 26 February through an external backup database"

        Typically the fine is far, far lower than the cost of adequately securing the data and ensuring its continued security to begin with. So they always go with the cheaper option.

        1. A.P. Veening Silver badge

          Re: "able to access customer data on 26 February through an external backup database"

          Typically the fine is far, far lower than the cost of adequately securing the data and ensuring its continued security to begin with. So they always go with the cheaper option.

          It used to be cheaper, but now with GDPR (and the Californian equivalent), that is changing and in my not so humble opinion for the better.

  7. Anonymous Coward

    "partners"

    I've always thought it really bizarre that Vodafone and CellnetO2 conduct some of their business using these pointless, parasitical, wasteful and very literal man-in-the-middle "reseller" "partner" setups, when the other mobile networks don't. Surely it would make more sense to not bother with middlemen and cut out the cruft? What "value", if any, do they actually add? You would also think/hope (hmmm) that if customer data were only stored in-house by the telco themself, the magnifying effects of scale/competency would at least hopefully mean a greater chance of data being processed properly securely (yes, I know...).

    1. This post has been deleted by its author

    2. bpfh Silver badge

      Re: "partners"

      Probably works when they have to manage custom & special setups that go beyond a mobile phone or a WiFi hotspot, like systems requiring 4G Cisco routers and embedded stuff, along with the corresponding vpn support that goes beyond what any customer facing telco team are able to talk about?

  8. liggerz87

    Karma. This company is despicable: they cold call O2 customers pretending to be O2, then sign you up to a business account where you don't have no cool off or nothing. Look up Aerial Direct on the MSE website and also on the O2 community.


Biting the hand that feeds IT © 1998–2020