EE customer, Francesca Bonafede, had her personal data accessed by an ex-partner who worked at the firm. He gained access to her address and bank details and even had her number switched to a new handset.
Ms Bonafede contacted EE in February 2018 after her phone stopped working but it took five days to receive an update.
She was told that someone had visited an EE shop, requested a new sim card and transferred her account to a new phone. The new address registered on the system belonged to her ex-partner, who worked at one of the company’s London High Street stores.
All text and calls meant for her were sent to her ex’s phone. He could view all her personal details which he used for official documents and applications. When Ms Bonafede refused to withdraw her complaint, her previous partner and his friends turned up at her new address unannounced.
This happened multiple times and she received no responses or updates from EE. To put an end to her ex-partner’s messages she got the police involved, who arrested the man and gave him a harassment warning.
It wasn’t until she posted her experiences on social media that the company took her issue seriously. She says she felt like she was at risk and no longer trusts how EE handles their data.
A company spokesman said that internal policies were not followed properly. It has been revealed that the matter was dealt with internally and that Ms Bonafede’s ex-partner had been fired from the firm.
“While we worked quickly to protect Francesca, we apologise for not keeping her informed of the actions that we took during this time,” he says.
Under the Data Protection Act and General Data Protection Regulation it is considered illegal for individuals to access personal data without authorisation. The same acts state that there is an obligation for companies to ensure data was managed securely and and protected against unlawful processing.
EE’s case is not the first major data scandal to come out this year. Earlier this week a security flaw exposed millions of private photos from Jack’d, a dating app for queer men. The flaw was first reported on Tuesday but the company failed to fix the bug in time or warn its users.
If you're building dating apps, you have to get the security right. There's no excuse for getting the security so wrong & stubbornly not fixing the issues when a reporter has gone above and beyond to disclose, and even offered to kill the story if it gets fixed. Irresponsible. https://t.co/FnXVvT8yto
— H E X A (@hexadecim8) February 7, 2019
In the BBC’s look at tech trends for this year, they predicted that data handling will be a major theme in 2019. Questions of how data is created, stored, analysed and applied are all topics that key companies will have to consider deeper.
Following 2018’s collection of data breaches, including large companies like Facebook, Uber and British Airways, the way companies handle data has been under scrutiny from the public. Some experts predict a consumer backlash if changes are not made.
Phil Beckett, managing director of disputes and investigations at management consultancy Alvarez and Marsal told the BBC: “In 2019, I expect that consumers will start to reclaim control of their data and monetise it.”
Mark Curtis, co-founder at design consultancy Fjord, also told the broadcaster, that as consumer trust is “severely dented” firms may adopt a “data minimalism” approach, only asking for data they really need.