Feeds

Dell's slow response to straying data

All too familiar sinking feelings

Remote control for virtualized desktops

A Dell customer is complaining to the Information Commissioner's Office (ICO) after a serious data breach led to his confidential details being posted to the wrong address.

Stuart Nathaniel told The Register that Dell had failed to swiftly deal with the blunder despite the fact that he was seeking reassurances that the information – which included his bank account details, signature and debit card number – had not been circulated elsewhere.

Nathaniel, who lives in Leeds, only learned of the problem after the person who wrongly received his details contacted him about the data breach in December last year.

The computer giant's financial services team mistakenly sent his fixed sum loan agreement documents to a man with an entirely different surname who lives in Ireland.

But even though the screw-up could have led to identity theft if the information had fallen into the wrong hands, Nathaniel told us that Dell has been incredibly slow to ease his concerns.

Dell eventually confirmed to Nathaniel on 19 December that the financial services firm CIT which handles the computer maker's customer accounts, was in fact responsible for the security blunder.

The CIT has since contacted him to discuss the possibility of compensation, but Nathaniel told us he still plans to formally complain to the ICO about the data breach.

Although Dell has a global privacy policy regarding customer data, it does not extend to its financial services affiliates.

El Reg asked Dell to explain its data protection policy. We also asked it to tell us how the mistake could have happened, whether the incident was an isolated one, and what checks and balances it was putting in place to prevent such a problem from recurring.

Dell came back to us with a lengthy statement in which it underlined its "serious" commitment to data protection law.

The computer giant said that standards and controls were in place to ensure that the likes of record management, security, password and IT policies were robustly followed by its staff, each of whom are contractually obliged to follow the rules.

It said: "All of our employees are told that 'each of us owns compliance to data protection laws,' and, 'that each of us is held responsible for respecting these policies'."

Dell said it likes to try and impose the same level of security to its affiliates, but added that some negotiation with third parties over the terms of privacy agreements was often required.

Meanwhile, CIT has accepted that a "human error" had occurred that caused Nathaniel's confidential data to be sent to the wrong address.

CIT said in a statement: "This was an isolated incident attributable to human error and as a direct result of this situation, CIT has reviewed its internal procedures in a concerted effort to ensure that this kind of error does not occur in the future.

"We take our responsibility towards personal information very seriously and it is of the greatest importance to us to maintain the privacy of our customers and the integrity of our data." ®

Choosing a cloud hosting partner with confidence

More from The Register

next story
Azure TITSUP caused by INFINITE LOOP
Fat fingered geo-block kept Aussies in the dark
NASA launches new climate model at SC14
75 days of supercomputing later ...
Yahoo! blames! MONSTER! email! OUTAGE! on! CUT! CABLE! bungle!
Weekend woe for BT as telco struggles to restore service
You think the CLOUD's insecure? It's BETTER than UK.GOV's DATA CENTRES
We don't even know where some of them ARE – Maude
DEATH by COMMENTS: WordPress XSS vuln is BIGGEST for YEARS
Trio of XSS turns attackers into admins
Cloud unicorns are extinct so DiData cloud mess was YOUR fault
Applications need to be built to handle TITSUP incidents
BOFH: WHERE did this 'fax-enabled' printer UPGRADE come from?
Don't worry about that cable, it's part of the config
Astro-boffins start opening universe simulation data
Got a supercomputer? Want to simulate a universe? Here you go
prev story

Whitepapers

Why cloud backup?
Combining the latest advancements in disk-based backup with secure, integrated, cloud technologies offer organizations fast and assured recovery of their critical enterprise data.
Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
10 threats to successful enterprise endpoint backup
10 threats to a successful backup including issues with BYOD, slow backups and ineffective security.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Getting ahead of the compliance curve
Learn about new services that make it easy to discover and manage certificates across the enterprise and how to get ahead of the compliance curve.