LesGriff Posted August 22, 2018
The CRT have sent me a licence renewal email with a PDF attached, unfortunately there is also another 320 PDFs for other people’s licence renewals including all their personal details, I have informed them but no reply yet, is it just me?
Please excuse any spelling grammar mistakes I have just recovered from a stroke and my brain is not what it was.

WotEver Posted August 22, 2018
321 PDFs all attached to one email? They must be tiny. As the small print no doubt says, “if the contents of this email are not for you, please delete them”.

Arthur Marshall Posted August 22, 2018
I think it means that you have won the lottery and now have to pay for 320 other people's licences. Can you let me know if I'm on the list just so I don't make a mistake and pay it meself??
Seriously though, when you say personal details, do you mean just boat names and the owner's name and address, or are there bank account details included too on the PDFs? If the former, it's not too dreadful (someone's hit CC instead of BCC, I suspect), if the latter, dangerous.

Robbo Posted August 22, 2018 (edited)
Oh dear, a slight GDPR violation then CRT will need to report the breach. A google points here; https://ico.org.uk/for-organisations/report-a-breach/. As they are now aware they will need to report within 72 hours.

Nut Posted August 22, 2018
First of all, hope you are on the mend; secondly, report them.

LesGriff Posted August 22, 2018 (edited)
Thanks everyone for the replies.
WotEver: The email was just over .6 Gig, I have deleted them.
Arthur Marshall: No bank details but name, address, boat name and number, also mooring details and phone number, was Bcc.
Robbo: I have reported it to the CRT but no reply yet.
Nut: I am much better thank you, just my brain not working properly yet, my wife says it never did. It doesn't stop me going to the boat so all is well.

Tim Lewis Posted August 22, 2018
From Facebook:
This morning (22 August 2018) the Canal & River Trust discovered a data breach in relation to licensing renewals affecting around 950 customers. The breach was due to a technical issue at our sub-contractor and not a breach of the Trust’s security system. We do not believe that anyone has been put at financial risk but the Trust offers sincere apologies for this error.
We are contacting those customers that have been affected (look out for an email) but any customer with concerns can contact the Trust customer service team on 0303 040 4040.
Damian

koukouvagia Posted August 22, 2018 (edited)
If this is true, then it is staggeringly incompetent. The penalties for this sort of breach under the new GDPR regulations are severe. This needs reporting to the ICO.
eta. Sorry, didn't see Robbo's post #4
Just tried to get on to the ICO website and, guess what, it's not working!

Jen-in-Wellies Posted August 22, 2018
19 minutes ago, Tim Lewis said:
> From Facebook:
> This morning (22 August 2018) the Canal & River Trust discovered a data breach in relation to licensing renewals affecting around 950 customers. The breach was due to a technical issue at our sub-contractor and not a breach of the Trust’s security system. We do not believe that anyone has been put at financial risk but the Trust offers sincere apologies for this error.
> We are contacting those customers that have been affected (look out for an email) but any customer with concerns can contact the Trust customer service team on 0303 040 4040.
> Damian
The same canned statement is in a pdf downloadable from the CaRT web site if you do a search for data breach.
https://canalrivertrust.org.uk/media/original/38589-statement-re-data-breach-in-relation-to-licensing-renewals.pdf?v=c3fca5
Jen

Phil. Posted August 22, 2018
22 minutes ago, koukouvagia said:
> If this is true, then it is staggeringly incompetent. The penalties for this sort of breach under the new GDPR regulations are severe. This needs reporting to the ICO.
> eta. Sorry, didn't see Robbo's post #4
> Just tried to get on to the ICO website and, guess what, it's not working!
Yeah great, let's hope crt get fined tens of thousands of our licence fee pounds, and then we can have even less spent on maintaining the canals.

mrsmelly Posted August 22, 2018
1 hour ago, Phil. said:
> Yeah great, let's hope crt get fined tens of thousands of our licence fee pounds, and then we can have even less spent on maintaining the canals.
Completely agree. Like these numpty overpaid solicitors advertising on how to make a medical cock up claim. Yeah we should all help stuff solicitors' pockets with money whilst sat at their cushy desk jobs at the expense of our fantastic nhs who obviously make some mistakes.
5 hours ago, LesGriff said:
> The CRT have sent me a licence renewal email with a PDF attached, unfortunately there is also another 320 PDFs for other people’s licence renewals including all their personal details, I have informed them but no reply yet, is it just me?
> Please excuse any spelling grammar mistakes I have just recovered from a stroke and my brain is not what it was.
If mine is amongst them please pay it for me

Chewbacka Posted August 22, 2018
2 hours ago, Phil. said:
> Yeah great, let's hope crt get fined tens of thousands of our licence fee pounds, and then we can have even less spent on maintaining the canals.
Yep, get gun, aim at own foot, bang, that will teach them..........

Jo_ Posted August 22, 2018
I have also had the licence renewal email (and the ooops email) and 132 .pdfs of other people's boat/insurance/telephone/mobile/home address details. Catch me renewing online at the moment .............

Robbo Posted August 22, 2018
There is no reason for the pdf in the first place, email is insecure so why are personal details being sent via that method in the first place!

Clodi Posted August 22, 2018
In the CRT statement they make it clear that the mistake lies with a 'subcontractor' therefore surely said 'subbi' is at fault and liable?

George and Dragon Posted August 22, 2018
5 minutes ago, Clodi said:
> In the CRT statement they make it clear that the mistake lies with a 'subcontractor' therefore surely said 'subbi' is at fault and liable?
Subcontractor may have some liability, responsibility ultimately rests with the data controller which will be CRT. Best we can hope for is subcontractor has insurance which will pay the fine.

Arthur Marshall Posted August 22, 2018
As I've said in another thread on this, it is no longer logical to expect that ANY information held on a database by any company is secure. All the evidence points the other way, from government sites being hacked or just leaving CDs about, to almost every mobile phone company losing its info to, in fact, virtually everyone who holds any info on their computer and is connected to the internet, or just backs up onto a separate drive.
It's pointless legislating, and as pointless getting upset. It's just the price you pay for things being done online. Anyone who knows anything about internet security knows that there is no such thing. It's not just that the systems themselves aren't secure, but people are also involved, and they're not. They make mistakes. You can't legislate that out of existence.
In this case, no damage has been done - any info out there as regards names and addresses is readily available and has probably been sold fourteen times already, and guess what? You can look phone numbers up on the net...

MtB Posted August 22, 2018
1 hour ago, Arthur Marshall said:
> As I've said in another thread on this, it is no longer logical to expect that ANY information held on a database by any company is secure. All the evidence points the other way, from government sites being hacked or just leaving CDs about, to almost every mobile phone company losing its info to, in fact, virtually everyone who holds any info on their computer and is connected to the internet, or just backs up onto a separate drive.
> It's pointless legislating, and as pointless getting upset. It's just the price you pay for things being done online. Anyone who knows anything about internet security knows that there is no such thing. It's not just that the systems themselves aren't secure, but people are also involved, and they're not. They make mistakes. You can't legislate that out of existence.
> In this case, no damage has been done - any info out there as regards names and addresses is readily available and has probably been sold fourteen times already, and guess what? You can look phone numbers up on the net...
I think you’re right, and I also think there are probably hundreds of trivial breaches like this every day so reporting to the ICO will result in a deafening silence as they will have far bigger fish to fry rather than waste their limited resources on a non event like this.

BruceinSanity Posted August 23, 2018
7 hours ago, Mike the Boilerman said:
> I think you’re right, and I also think there are probably hundreds of trivial breaches like this every day so reporting to the ICO will result in a deafening silence as they will have far bigger fish to fry rather than waste their limited resources on a non event like this.
I imagine it’s a bit like reporting a near miss to the HSE under RIDDOR. Big form to fill in but unless you make a habit of it, nothing else eventuates.

MtB Posted August 23, 2018
5 minutes ago, BruceinSanity said:
> eventuates.
New word of the day! Does it mean 'happens'?!
Certainly RIDDOR reports of unsafe gas work are just used for stat collecting and analysis. No action is ever taken to correct the individual problems reported.

BruceinSanity Posted August 23, 2018
4 hours ago, Mike the Boilerman said:
> Does it mean 'happens'?!
You are correct, sir. Not sure why I used it except I’d not finished drinking the first cup of tea of the day, so not all the neurones had got going.

Jo_ Posted August 23, 2018
This 'data breach' was surely a case of local human error. Someone told to send the .pdfs and the letters to the relevant addresses just got it wrong big time!

Mike Todd Posted August 24, 2018 (edited)
On 22/08/2018 at 21:57, Arthur Marshall said:
> As I've said in another thread on this, it is no longer logical to expect that ANY information held on a database by any company is secure. All the evidence points the other way, from government sites being hacked or just leaving CDs about, to almost every mobile phone company losing its info to, in fact, virtually everyone who holds any info on their computer and is connected to the internet, or just backs up onto a separate drive.
> It's pointless legislating, and as pointless getting upset. It's just the price you pay for things being done online. Anyone who knows anything about internet security knows that there is no such thing. It's not just that the systems themselves aren't secure, but people are also involved, and they're not. They make mistakes. You can't legislate that out of existence.
> In this case, no damage has been done - any info out there as regards names and addresses is readily available and has probably been sold fourteen times already, and guess what? You can look phone numbers up on the net...
The only wholly secure system sits inside a Faraday cage with no external connections at all, even for power. In other words, wholly without use.
On 23/08/2018 at 07:28, BruceinSanity said:
> I imagine it’s a bit like reporting a near miss to the HSE under RIDDOR. Big form to fill in but unless you make a habit of it, nothing else eventuates.
In some contexts, like drug side effects, it is the collation of lots of small reports that enables the bigger finding.

Rob-M Posted August 24, 2018 (edited)
I've now received two emails an hour apart, one to say my details have not been leaked and one to apologise for leaking my details. A bit of a shambles in terms of looking after my personal information.

Chewbacka Posted August 24, 2018
1 hour ago, Rob-M said:
> I've now received two emails an hour apart, one to say my details have not been leaked and one to apologise for leaking my details. A bit of a shambles in terms of looking after my personal information.
Do you have more than one licence by any chance?