Kelly Fiveash reports on several breaches at KCOM that had not been previously reported on this blog:
Hull-based telco KCOM has coughed to another privacy clanger – this time admitting to wrongly sharing some of its customers’ email addresses with other subscribers.
But it’s unclear whether the ISP has turned itself into the Information Commissioner’s Office to report the latest data protection cockup.
[…]
KCOM apologised and said “additional checks [were] in place to avoid this happening again.”
But some might be surprised by that statement, given that a KCOM engineer had, it was claimed to El Reg, unwittingly exposed a customer spreadsheet containing the telephone numbers, user IDs and unencrypted passwords of all its subscribers back in January.
Not long after that, we reported on another privacy howler, this time involving KCOM’s Exeter-based ISP Eclipse Internet, which foolishly displayed passwords in plain text to users via a webpage.
The latest data cockup is hardly an isolated incident, then. Perhaps the ICO needs to take a closer look.
Read more on The Register.