Another big company guilty of shoddy data protection practices?
We like it when you email us with your stories. We love it when you send us something juicy. Most people tip us off to shoddy shops or downright rubbishness to help or warn other people, so they don’t get stung by the same sharp practice. Sometimes people get us involved in the hope that we can help them get a speedy resolution. And sometimes we do.
What happens less frequently is that we are emailed by a certain someone offering to sell us information. After all, we are not the News of the World and Andy hardly ever comes into the office topless. But recently we were approached by such a person who had information about a massive data protection issue in a FTSE 100 company.
This man, we’ll call him James, is an ex-employee of this online retailer and claims that hundreds of staff have unaudited access to the personal data of the 6.5million plus users of the online service. He also claims users can download personal data without detection, and that there are a number of serious security flaws in the website that are crying out for personal data to be used by a nasty immoral sort.
So we asked James for some proof. He claims it would have been seriously inappropriate for him to actually obtain personal data, and that he no longer has access, but wants this story to get as much coverage as possible. Provided he gets several hundred pounds to do the right thing and expose said big company of course. He hasn’t yet come back with any proof.
So we think we might contact the company and ask them. We haven’t paid James any money, so he hasn’t confirmed who the naughty company is, but he lives in Leicester and used to work for Next Plc., a FTSE 100 online retailer with several million online customers.