back to article Quotemehappy? No, I'm furious: Insurance site loses customer details

Aviva-owned online-only insurance business Quotemehappy.com has informed customers that there has been a data breach at its website. Quotemehappy announced that it had "recently" lost a "small number" of customers' details, comprising "vehicle registration, email address, mobile number, landline number and address." An email …

  1. Anonymous Coward
    Anonymous Coward

    Similar to the...

    Steam caching error then? I'm not technical on it, but I hear it's a change to caching https when only http or other safe data should be cached.

    Sometimes the "apply to all" button needs removing with force. :P

  2. IT Hack

    Aviva Quote

    Quotemehappy.com has identified an incident where a small percentage of customers were able to see another customer’s contact details, such as name, address and telephone number, when they logged into their account.

    These details could not be changed and no sensitive, personal or financial, information could be viewed or accessed.

    The issue has now been fully resolved and we have contacted all impacted customers to explain the situation and have notified the FCA and the ICO.

    ------------------

    And I hope both the ICO and FCA smacks these muppets upside the head.

    You can see the details but not view them? Notwithstanding this invention called writing that can be used, you know to write stuff down. You know...access?

    Telephone numbers and addresses with names...that's bad enough but to make a statement like that is justification enough to stand, point and laugh at these idiots.

    1. Anonymous Coward
      Anonymous Coward

      Re: Aviva Quote

      "And I hope both the ICO and FCA smacks these muppets upside the head."

      I sense disappointment on the horizon...

      Both the ICO and FCA are toothless entities there only to serve those they are supposed to investigate.

      1. Anonymous Coward
        Anonymous Coward

        Re: Aviva Quote

        How does one go about smacking someone "upside" the head? I can picture smacking someone round the head........

        I think the more likely outcome is that the these Muppets will be sent to sit on the naughty step or to right our 10 times "I will not be so stupid in future".

    2. paulf
      Facepalm

      Re: Aviva Quote

      "were able to see another customer’s contact details, such as name, address and telephone number,...no sensitive, personal or financial, information could be viewed"

      So name, address and telephone number aren't sensitive now? These could be used to obtain other sensitive things like Date of Birth and more through all manner of routes e.g. insufficiently protected social media accounts (yes, I know!), social engineering contact and the like.

      If you think some kinds of personal information aren't sensitive then it's no wonder these breaches happen. Hell, even anonymised data can be de-anonymised by a determined crim or $MEGACORP. *ALL* personal information is sensitive and should be protected as such.

      An ICO spokesperson said: “We’re aware of an incident involving Aviva and are making enquiries.”

      As I've said before, I bet the Chocolate fire guard department are positively melting at the thought of "making enquiries" and giving some company a light tap on the wrist. Since the ICO will simply tell Aviva not to use the data breach again in its current form (in about 2 years time) perhaps the ICO was merged with the ASA and we all missed the memo?

  3. Anonymous Coward
    Anonymous Coward

    They also have a short password rule.

  4. Anonymous Coward
    Anonymous Coward

    I'm just glad they said no personal information was lost like you know, name, address, telephone number. Things that basically can be used to get other information for identity theft.....

    Who is the bigger fool? The fool or the fool who believes the fool or even the fool who foolish allows the fool to fool knowing full well they are being taken for a fool or the fool that believes anything will be done about this and other breaches or anything will ever change.

  5. alun phillips

    Here's an idea..

    According to Aviva the data isn't sensitive, may I suggest this and all future such breaches be punished by making exactly the same data, belonging to senior execs, available to the public on the sites homepage for at least 12 months. Bet they sort their security out then.

    1. Velv

      Re: Here's an idea..

      It might not be on their homepage, but the majority of the leaked information here for the Execs is already in the public domain. Check out Companies House, then check the FCA and PRA for financial services companies. Other regulated industries have similar websites.

      So as well as getting companies secured, we need to get the government secured

      1. tiggity Silver badge

        Re: Here's an idea..

        They made company data a bit more secure, directors can hide behind company address & phone number, no longer the need to give out address details of your home ( or other non business premises)

    2. allthecoolshortnamesweretaken

      Re: Here's an idea..

      Try this for starters:

      http://www.ceoemail.com/

  6. Anonymous Coward
    Anonymous Coward

    Better than how they treated victims of data theft

    At least they're offering some form of protection for those affected.

    Both I and my partner have had our details stolen twice (by employees) from Aviva whilst we had car policies with them, because we each reported an incident (not a claim) as required to under terms of the policy.

    In each case Aviva denied any data breach when I contacted them after we received multiple "you've had an accident" calls from firms claiming to represent Aviva. Each time I later received a letter from them admitting that employees had in fact stolen and sold our data. After the first breach they claimed that they had dramatically improved internal security, yet they still failed to catch the second (a manager) for some time: http://www.bbc.co.uk/news/business-34544659

    To date the only redress they have offered any of the customers affected (to my knowledge) is £25 costs to one who changed telephone numbers after being plagued with spam calls.

    5 years on from the first breach, we still get the odd spam call from this although I've moved to a fairly "aggressive" handling strategy that is dealing with the last few.

    It'll be a cold day in hell before either of us ever trust Aviva with any form of personal data again.

    1. phoyle

      Re: Better than how they treated victims of data theft

      Exactly the same happened to me. Added to the fact that the car took 5 attempts to fix by their own repair agents before I had to pay out of my own pocket left a sour taste in my mouth to put it lightly.

  7. phoyle

    Dont trust them.

    They don't need these kind of breaches to lose your data, the employees are proficient enough to sell it on your behalf. And I have the letter to prove it. Utter scumbag operation.

  8. Anonymous Coward
    Anonymous Coward

    Havent received the email

    I'm with Quote Me Happy for at least a couple more months, I havent received any email from them yet.

    Moved the missus to M&S premium car insurance a few weeks ago... over £200 cheaper than the renewal from her current provider with better cover, lower excess, it was still about 130 cheaper than QMH too, oh it came with really silly rac breakdown cover too as an added bonus

  9. Roj Blake

    Insurance Renewal

    And to think, I was going to switch my due-for-renewal car insurance to Aviva at the weekend.

    Not any more.

  10. Anonymous Coward
    Anonymous Coward

    Am I being complacent?

    Isn't this kind of information available in a telephone directory?

    Or is that now the starting point for phishing scams?

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2022