BT admits sending unsecure customer details
BT has admitted emailing the personal details of more than 500 of its customers to a law firm in an unsecure document. The telecoms company could be found to be in breach of the Data Protection Act to stimpulates they must protect their customers’ information, after sending unencrypted spreadsheets to the legal firm ACS:Law following a court order.
The details were lost after an unexpected a security lapse at the law firm. BT has stopped short of apologising for the error but has promised that it won’t happen again. The email was sent from BT lawyer Prakash Mistry to ACS:Law boss Andrew Crossley last month after a legal ruling forced BT to hand over the names of customers suspected of illegal file sharing.
Mr Mistry asked for the data to be held securely when he sent the email but choose not to encrypt the Excel sheets which contains hundreds of customer names and addresses. This allowed anyone with access to the email to view the files.
One of the documents contained to a list of over 400 broadband users who were allegedly illegally sharing music through an online programme. The other list contained details of 130 users believed to be sharing internet pornography.
A BT spokesman admitted sending the unencrypted documents but insisted that the company has a robust information protection system. He added that measures have already be taken to ensure ithe gaffe doesn’t happen a second time.
All the customers affected have been contacted by BT and the company are said to be working hard to sooth tensions and protect them from further exposure. All those involved will also receive free security software for the next year.