Re: We've asked the Information Commissioner's Office to confirm it is aware of the issue. ®
We're still just designing these systems incorrectly, shoving everything as rows into the same tables with no thought of restricting data.
I doubt they're still designing any of this - odds on that this is the migration of Plusnet's customer data onto either BT Retail or EE's big fat arse SAP system with the minimum of changes. The core system could be decades old, and maybe that's why the security's crap. But now everybody can try SQL injection attacks against all BT group retail websites, knowing that offset errors aren't properly vetted?