UK firm NOW: Pensions tells some customers a 'service partner' leaked their data all over 'public software forum' Workplace pension provider NOW: Pensions has emailed a number of UK customers to warn about a data leakage caused by contractor error. The email, seen by this publication, claims a service provider "unintentionally" posted user data to an unnamed "public software forum". These records include biographical data (names, email …
As a person some of whose pension funds (and other savings) were stolen by some fraudsters*, I was hoping for their heads on a silver platter.
*I did get the money back, after a while, but it is very stressful at the time. If you are missing some important post early next year, when pension companies send valuations, do check p that they have not been intercepted for fraudulent use.
By British Airways.
These companies who have a breach need to look at who's free service they are offering, and what the record of the operator of that service for data breaches is.
I declined. OK, BA, you had an accident and owned up. Don't offer me a free service from someone who had a much bigger one and tried to hide it. That does not make me feel more secure!
What forum was the data uploaded to, and how did the upload come to light? The file must have been pretty big - about 1.6GB if it had 1024 bytes per record (please check maths!)- so it wasn't uploaded by accident. Was it malicious in intent? The company seem to be implying that it wasn't. If it wasn't, what goes through the mind of somebody uploading a file that size, containing lots of PII, to a forum? Fresh air, probably.
> Fine, hopefully you won't mind only 2% of your global turnover as a fine.
As long as that turnover doesn't include people's pension pots. I'd be very unhappy if my details were stolen and then the regulator decided to confiscate 2% of my pension, or 2% of my pension contributions for this year even. After all, who is going to pay the fine? Limiting executive bonuses to zero for next the 92 years is not going to wash.
> Good shout! Penion companies should be able to leak data wherever they like because holding them responsible is difficult!
Why on earth would you think that because it's difficult to hold companies to account they shouldn't be held to account?
As I understand it, pension pots belong to the investors, not the company. It would be the company's funds, such as fees legitimately collected form the funds that would qualify for the fines. Your pension fund is (relatively) safe.*
*This being a new definition of the word "safe" that Arthur Dent was previously unaware of.
I would have thought even the people at Now Pensions wouldn't have access to do a data dump which this sounds like. Or did someone annoy the databaee admin?
As a secind point, very the heck does a 3rd party have anything to do with pension data? Surely tuey should he able to do their own processing or is this for "data analysis" rubbish?
Pleaee tell me this isnt going to be an unsecured AWS container... again!?
"a Parliamentary inquiry into workplace pensions saw NOW: Pensions interrogated by MPs over investment performance concerns, with the firm forced to explain why its returns were three times lower than those of its main competitors."
And two years later they [B]still[/B] handle 1.7 million pensions???
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
