The incumbent phone and broadband ISP for Hull in East Yorkshire, KC, has suffered yet another security snafu after they accidentally sent letters to customers that included the email addresses for other subscribers. Sadly it’s not their first security blunder.
According to the Hull Daily Mail, most of the wrongful letters appear to have been issued during February 2014. It’s not known precisely how many of their subscribers received the letters, although KC has at least been quick to apologise. But we’re still waiting to find out whether or not they’ve informed the Information Commissioner’s Office (ICO).
A KC Spokeswoman said:
“We recently contacted our customers to check we have the correct email address for their KC account, as we use this to send out customer updates, including broadband usage alerts.
Unfortunately, some customers’ email addresses were incorrectly included in other customers’ messages. We have contacted everyone who received incorrect information, or whose email address was sent to another customer by mistake.
We are sorry this mistake was made and have put additional checks in place to avoid this happening again.”
The latest blunder comes shortly after at least one of KC’s fibre optic broadband engineers demonstrated a worrying lack of personal data security by exposing unencrypted user passwords (and other personal data) during an on-site installation visit (here). Soon after that another KCOM sibling, Eclipse Internet, was found to be rather lax with their web security (here).
Comments are closed