Glad it's not just me then.
There's a bloke in the states with the same name as me who thinks he owns my email address. I've had unexpected communication about all sorts of things:
- Playstation network, this was the first one quite a while ago, I contacted Sony and they shut down the account.
- Instagram, I went to sign up for an account and discovered I already had one. Reset the login, loads of pictures that were nothing to do with me. Deleted and started again!
- Goodgame Empire, online game of some sort. Got a ton of spam from this, contacted them and they deleted the account. Next thing I know I get another email from them, a reply to a support request about a failed logon... So used the address again on a webform I'm guessing? Clever(!)
- Harry's, you know the shaving subscription thing? Reset the login so I could close the account, couldn't find that option. Contemplated ordering an absurd quantity of items to his address but decided this would put me in a decidedly dodgy position since it would cost the guy money... So changed the name on the account to STOPUSING MYEMAILADDRESS instead, to send a message. Wouldn't be surprised if it still says it on his regular delivery.
- Insurance quotes. Tons of them.
The one that really concerned me though was Amex. I can't see his account number or anything like that but I get a statement summary every month, I can see how much he owes, I can see whenever he makes a payment. All data I should not have access to. I tried contacting them by email, through their website and by telephone. Every time I was told, you're not the customer so we can't change anything. To use the website chat I actually had to reset the login, and even though I explained I had done this and was accessing the site through their customer's account they weren't interested. In my job, if I suspected an account was compromised I'd lock it down fairly swiftly. If I got a message directly from someone using the account saying it was breached there would be no hesitation or question about it. Maybe they're scared the customer would phone up to complain when his payments wouldn't go through, maybe the customer's convenience takes precedence over the security of their data, but really it would be kinder to him and less hassle for everyone if they'd step in and tell him to stop being a dickhead and remember his own email address. If it was their UK branch processing the data I'd be onto the ICO already, but alas, out of their jurisdiction I fear.
Btw, I have considered contacting the guy by mail, or by phone, it wouldn't be a problem since I've had those details thrust into my lap enough times now, but I'm genuinely scared, since it's clear that he's an idiot, he'll probably decide it's all my fault and set his lawyer on me. It's just not worth the risk.
Edit: Something I've always been irked about when this happens and ought to mention - It could all be avoided if these sites and services would bother to verify the address when someone signs up.