Online data breaches

Let me run a scenario by you, and before you read on from my initial question, write down what your immediate response would be. Ok?

So here is the scenario:

I received an email from an online retail store saying my items had despatched and to click a link in the email to follow progress.

I click the link, it says nothing was found, link is not working, please try again. I tried it a few times, still not working.

So, I make a query with the online retail store to their Twitter account that is there to help with queries.

They reply saying I should send them a Direct Message (DM) with order details. So I DM the order number.

They reply that they need my full name, Date of Birth and email address before they answer my query.

So, what would your immediate response be to them asking for all these details?

Write down your answer before going any further.

Now, bearing in mind the very recent cyber attack on TalkTalk and customer details being obtained, why would I freely give my full personal details via Twitter?!?

I highlighted to them that all I wanted to know was ‘where’ is my order. Give me a location. All they kept saying is we cannot divulge any customer information without verifying who you are.

What has giving an item location got to do with personal information? Unless of course I was a Dandy Highwayman about to hijack the courier?

I replied with, who is to say your Twitter account hasn’t been hacked and you are harvesting personal info with all these ‘queries’ as we tweet?

They then quoted they are following DPA (Data Protection Act), which in my opinion is bullshit. When does DPA say you cannot divulge order despatch information by just supplying my name and order number? How would a hacker have got hold of my order number and then want to know the stage of delivery? Unless of course the hacker was a Dandy Highwayman about to hijack the courier?

Personally I was surprised they didn’t ask for my inside leg measurement, as how would they have known the item was for me in the first place!

Now you have all this information, is your answer still the same as when I asked you to write your initial answer earlier or would you now not divulge your personal information via Twitter?

I hope it is the latter and that you would not divulge personal information to ‘verify’ you via Twitter or any other electronic form. After all, Banks ALWAYS say they would never ask for your personal information via email, so why would this online retailer ask via Twitter?

So ASOS, you have the right to reply here. Can you please explain yourselves?

Or was it an actual hack who I was conversing with when I said that the DPA interpretation was incorrect?
