Bulldog fingers sacked employee for credit card scam
Pakistani call centres swindle customers
Cable and Wireless, the former owner of ISP Bulldog, has blamed a sacked employee for the illegal use of a database containing 100,000 customer details.
The firm has taken out a High Court injunction against the woman, named by the BBC as Seemab Zafar, who was canned by Bulldog in 2005 after failing to return as planned from a business trip to Pakistan. She now runs an outsourcing business and has denied any involvement in the data theft.
The breach emerged when customers began receiving unsolicited phone calls asking them for credit card information. According to the BBC, Pakistani call centres tricked customers into giving details which were used to take money and set up fake PayPal accounts.
The injunction demands that Zafar and third parties stop using the data, and tell Cable and Wireless exactly what information it included. The firm said it believes the legal action has led to the destruction of all copies of the database.
Cable and Wireless was keen to point out that accounts which had been attacked by the credit card scam were not directly based on financial data taken from it. In a statement, it said: "There is no evidence that any credit card details have been misused. Indeed, the credit card details in the sample customer information held by the BBC do not match the customer database."
It also said its use of outsourcers was unrelated to the crime. It said: "Make no mistake, we will take every possible course of action available to us to bring this matter to a suitable conclusion and to ensure the protection of Bulldog customers."
Bulldog was bought by Pipex in 2006. ®
''I'm concerned that many of the countries in which our financial data are now being moved to don't have the same protections as the US' GLBA"
The funnyest thing ive herd all day! Data protection in the US!
Financial risk is low
The database that she got away with would have been the MS Access one (unless she had access to the SQL Server one controlling the website - unlikely). This didn't contain any financial information as the website sent the details directly to a payment broker (secpay). Although, for a period of time, financial information was harvested on the website DB. This was deleted just before Ofcom started their audit as it was unencrypted and just sat on the web DB behind a firewall! Scary! Guess the management (yes the management knew) thought Ofcom would frown on it!
For those that have been contacted by call centres but weren't/aren't a Bulldog customer, would have been because the check box to opt out of telemarketing was ignored. This generated a large DB of potential customers for the broadband sector. This was used by the offshore Bulldog sales agents. Wouldn't have surprised me if this was also sold without the knowledge of the company...
Sum It Up Nicely!!
''I'm concerned that many of the countries in which our financial data are now being moved to don't have the same protections as the US' GLBA (I'm sure the UK and EU have similar measures).''
This is the problem with outsourced centers we dont have the same financial protection therefore we are stuffed if this type of thing happens and the wrong person gets a hold of our data...
''About 3 years ago, an Indian worker at a data processing call center stole personal information on about 20,000 people and sold it to a data miner. The only charge they could come up with was theft of company property, since he used one of their CD's.''
There isnt much deterrent if this is all that happened, I think the only way we can object to companies looking at the cheap option of cheap labour in a country where laws are so different is to put our foot down as consumers and say enough is enough, If a company chooses to do this we vote with our feet and go somewhere our information will be safe, and we have the laws that protect such information which deters people stealing it and selling it on!!!!