UK firm NOW: Pensions tells some customers a 'service partner' leaked their data all over 'public software forum'

Workplace pension provider NOW: Pensions has emailed a number of UK customers to warn about a data leakage caused by contractor error. The email, seen by this publication, claims a service provider "unintentionally" posted user data to an unnamed "public software forum". These records include biographical data (names, email …

  1. John McCallum

    Now pensions

    If some cunt has stollen my pension pot I will be having someone's guts for garters.

    1. Symon
      Headmaster

      Re: Now pensions

      NOW: Pensions. Or as they're now known, NO: Pensions.

      p.s. Re: stollen, at least you're keeping it seasonal!

    2. Rameses Niblick the Third Kerplunk Kerplunk Whoops Where's My Thribble?

      Re: Now pensions - Christmas punnage

      If some cunt has stollen my pension pot I will be having someone's guts for garters.

      I'd make mincemeat out of them. What a load of puddings. If they think anyone will trust them after this, they must be crackers, right out of their tree.

      1. Inventor of the Marmite Laser

        Re: Now pensions - Christmas punnage

        I'm all for kicking them in the baubles

    3. Anonymous Coward
      Anonymous Coward

      Re: Now pensions

      Gordon Brown has entered the room...

    4. Eclectic Man Silver badge

      Re: Now pensions

      As a person some of whose pension funds (and other savings) were stolen by some fraudsters*, I was hoping for their heads on a silver platter.

      *I did get the money back, after a while, but it is very stressful at the time. If you are missing some important post early next year, when pension companies send valuations, do check that they have not been intercepted for fraudulent use.

  2. John 156

    Sounds like an accident not waiting to happen. More information, please.

  3. Anonymous Coward
    Anonymous Coward

    "with customers offered 12 months of free Experian Identity Plus"

    Will this be my third or fourth free subscription, worth £6.99 per month? Shame they can't run sequentially.

    1. 2+2=5 Silver badge
      Happy

      > Will this be my third or fourth free subscription, worth £6.99 per month? Shame they can't run sequentially.

      Tell them you've already got a sub and could they just send you the £83.88? (And see what excuse they come up with for not paying.)

      1. Keith Oborn

        I was offered Experian -

        By British Airways.

        These companies who have a breach need to look at whose free service they are offering, and what the record of the operator of that service for data breaches is.

        I declined. OK, BA, you had an accident and owned up. Don't offer me a free service from someone who had a much bigger one and tried to hide it. That does not make me feel more secure!

        1. Eclectic Man Silver badge

          Re: I was offered Experian -

          Or you could ask about CIFAS.

          https://www.cifas.org.uk

    2. John Brown (no body) Silver badge

      "worth £6.99 per month"

      Subs will be cheaper in bulk, and they'll get trade "mates rates" too. It's probably costing them more like 2 or 3 quid a month.

  4. bob42

    How thoughtful

    Sorry we lost your data, but hey, to make it up to you, here is a free subscription to another company that has great experiance with lost data!

    1. David 132 Silver badge
      Happy

      Re: How thoughtful

      bob42: ...great experiance...

      Ho ho. ISWYDT.

    2. shedied
      Coat

      Re: How thoughtful

      Email was sent to the affected parties, letting them know that their info was now all outfo

      Mine's the one with scribbled IOU's...

  5. fidodogbreath Silver badge

    From the warning issued to customers, it's hard to grasp the scale of the problem.

    Well, they have to consider the stock price, don't they?

    If they do elaborate, it will no doubt be the usual corporate newspeak; i.e., the issue affected "a small number of users," AKA "all of them."

  6. upsidedowncreature

    What forum was the data uploaded to, and how did the upload come to light? The file must have been pretty big - about 1.6GB if it had 1024 bytes per record (please check maths!)- so it wasn't uploaded by accident. Was it malicious in intent? The company seem to be implying that it wasn't. If it wasn't, what goes through the mind of somebody uploading a file that size, containing lots of PII, to a forum? Fresh air, probably.

  7. Howard Sway

    Downplaying the issue, it said there's "no evidence to suggest this has happened or will happen"

    There may not yet be any evidence to suggest that this has happened.

    There is plenty of evidence to suggest that this will happen.

  8. TonyJ Silver badge

    2%...

    Great... only 2%... how about coming clean and putting a number on that? 2% of 2,000,000 records is still a lot of people to expose.

    1. john.jones.name
      Stop

      Re: 2%...

      NOT a great idea... fines impact the organisation BETTER to impact the executives FINE the BOARD members take their house/pension and you will see security and response being prioritised

      banks do this when you get a loan why can't regulators...

  9. IGotOut Silver badge

    Only 2%

    Fine, hopefully you won't mind only 2% of your global turnover as a fine.

    1. 2+2=5 Silver badge
      Unhappy

      Re: Only 2%

      > Fine, hopefully you won't mind only 2% of your global turnover as a fine.

      As long as that turnover doesn't include people's pension pots. I'd be very unhappy if my details were stolen and then the regulator decided to confiscate 2% of my pension, or 2% of my pension contributions for this year even. After all, who is going to pay the fine? Limiting executive bonuses to zero for the next 92 years is not going to wash.

      1. sabroni Silver badge

        Re: As long as that turnover doesn't include people's pension pots

        Good shout! Pension companies should be able to leak data wherever they like because holding them responsible is difficult!

        1. Anonymous Coward
          Anonymous Coward

          Re: As long as that turnover doesn't include people's pension pots

          > Good shout! Pension companies should be able to leak data wherever they like because holding them responsible is difficult!

          Why on earth would you think that because it's difficult to hold companies to account they shouldn't be held to account?

          1. Eclectic Man Silver badge

            Re: As long as that turnover doesn't include people's pension pots

            As I understand it, pension pots belong to the investors, not the company. It would be the company's funds, such as fees legitimately collected from the funds that would qualify for the fines. Your pension fund is (relatively) safe.*

            *This being a new definition of the word "safe" that Arthur Dent was previously unaware of.

      2. katrinab Silver badge
        Meh

        Re: Only 2%

        No, turnover is the management fees they take out of the pension every year. The pension pot is not their money.

  10. N2 Silver badge
    Thumb Down

    Off with their heads

    I'll sharpen my favourite axe

    1. TonyJ Silver badge
      Joke

      Re: Off with their heads

      "...I'll sharpen my favourite axe..."

      No... leave it blunt for these cases!

      1. Pascal Monett Silver badge

        That's not a joke - it's perfectly reasonable.

  11. sgp Bronze badge

    Not surprising

    When asked for a set of dummy data to develop some application, I once received an external drive containing 1TB of *real* medical records, all PII. Sad state of affairs...

  12. Trev 2

    What service provider?

    I would have thought even the people at Now Pensions wouldn't have access to do a data dump which this sounds like. Or did someone annoy the database admin?

    As a second point, why the heck does a 3rd party have anything to do with pension data? Surely they should be able to do their own processing or is this for "data analysis" rubbish?

    Please tell me this isn't going to be an unsecured AWS container... again!?

    1. Twanky
      Facepalm

      Re: What service provider?

      erm. what's a database admin?

  13. Trollslayer
    Unhappy

    Penny wise

    Pound foolish.

    Still true.

  14. Anonymous Coward
    Anonymous Coward

    “Only a small number”

    Have you seen Avogadro's number?

    Now THAT’S a big number, much bigger than our number.....

    Nothing to see here.

  15. sitta_europea Silver badge

    "a Parliamentary inquiry into workplace pensions saw NOW: Pensions interrogated by MPs over investment performance concerns, with the firm forced to explain why its returns were three times lower than those of its main competitors."

    And two years later they *still* handle 1.7 million pensions???

  16. MSPSalesGuy

    Not Just Customers, ex customers as well

    I transferred out of now pensions late August / early September.

    I've just had the breach email, (stating that my data was published).

  17. Sparkus Bronze badge

    I suspect that PUK

    knows *exactly* the scope, cause, and responsibility of the problem.

    This minimum-required-by-law disclosure is intended to shield some higher-ups from scrutiny.

Biting the hand that feeds IT © 1998–2021