Feeds

BT: Whew, we've been cleared of major privacy breach. Oh SNAP, another webmail blunder

Complaint dismissed. Prepare for different complaints

Secure remote control for conventional and virtual desktops

Exclusive BT has been cleared of a serious data protection violation by the UK's privacy watchdog, The Register has learned.

A probe into the one-time national telco's webmail system was carried out by the Information Commissioner's Office after a whistleblower exposed evidence that appeared to show BT's customer email accounts were being compromised by spammers. The probe has now been concluded, with the complaints being dismissed by the regulator.

"After considering the evidence supplied by the complainant and making follow up enquiries with BT, we are satisfied that BT did comply with the Data Protection Act in relation to its BT Mail email platform," an ICO spokesman told El Reg.

"We also scrutinised the security testing undertaken by BT and verified the information security certification it required of its contractors. Following these enquiries, we are satisfied that BT took appropriate steps to keep customer email accounts secure.”

The conclusion of the case arguably couldn't have come at a worse time for BT, after the company suffered yet another webmail cockup over the weekend.

BT is in the process of slowly migrating its subscribers over from Yahoo! webmail to a white label product supplied by US outfit Openwave Messaging, which bought San Mateo, California-based messaging firm Critical Path Inc late last year.

Late on Friday, service disruption struck thousands of email accounts for several days, BT admitted.

It was forced to issue an apology on Monday:

We’d like to apologise for a technical problem that meant a minority of BT Mail customers weren’t able to access their email accounts in the past few days.

We’re in the process of restoring access to the affected email accounts and expect to have the service working again later today, so if you’re still unable to access your email account, please wait and try again later ...

Once again, we’re very sorry for any inconvenience this has caused, and we appreciate your patience as we work to resolve the problem.

BT told us that Openwave Messaging confessed it was having a problem with the migration over the weekend. Some subscribers were greeted with an error message when trying to access their email accounts, BT added. Worse still, some emails were lost during the outage, the telecoms giant said. It claimed access had "now been restored for all customers."

The Reg heard separate complaints from BT customers last week, with some saying that they were struggling with an ID change as part of the migration away from Yahoo!

BT largely shrugged off that particular gripe, however.

"For customers who log in to BT.com to check their email, we ask them to create a BT ID or link their email to an existing BT ID. This enables the customer to access all their BT services (e.g. BT Sport, BT Wi-Fi) through one username and password," a spokeswoman at the company said.

"We have had some customers contact us who are having problems completing this journey. The majority of these are because the customer doesn’t know the password or security question answer for their existing BT.com profile."

She added: "There are a small number of customers with very complex account setups and they are being dealt with by our UK-based specialist migration team."

In March, El Reg exclusively revealed that the ICO was investigating BT, after a Critical Path insider blew the whistle on alleged issues at BT's new messaging partner, with the claim that Britain's privacy law may have been flouted.

At the time, the regulator concluded in an exchange seen by the Reg that - based on the evidence provided by the whistleblower - it was "unlikely that BT had complied with the requirements of the DPA."

BT may feel vindicated today by the ICO's decision to close the case and confirm that the company had in fact respected the UK's data rules. It's a pity, then, that webmail woes continue for its customers. ®

Protecting against web application threats using SSL

More from The Register

next story
Brit telcos warn Scots that voting Yes could lead to HEFTY bills
BT and Co: Independence vote likely to mean 'increased costs'
Phones 4u slips into administration after EE cuts ties with Brit mobe retailer
More than 5,500 jobs could be axed if rescue mission fails
New 'Cosmos' browser surfs the net by TXT alone
No data plan? No WiFi? No worries ... except sluggish download speed
Radio hams can encrypt, in emergencies, says Ofcom
Consultation promises new spectrum and hints at relaxed licence conditions
Blockbuster book lays out the first 20 years of the Smartphone Wars
Symbian's David Wood bares all. Not for the faint hearted
Bonking with Apple has POUNDED mobe operators' wallets
... into submission. Weve squeals, ditches payment plans
This flashlight app requires: Your contacts list, identity, access to your camera...
Who us, dodgy? Vast majority of mobile apps fail privacy test
Apple Watch will CONQUER smartwatch world – analysts
After Applelocalypse, other wristputers will get stuck in
prev story

Whitepapers

Providing a secure and efficient Helpdesk
A single remote control platform for user support is be key to providing an efficient helpdesk. Retain full control over the way in which screen and keystroke data is transmitted.
Saudi Petroleum chooses Tegile storage solution
A storage solution that addresses company growth and performance for business-critical applications of caseware archive and search along with other key operational systems.
Security and trust: The backbone of doing business over the internet
Explores the current state of website security and the contributions Symantec is making to help organizations protect critical data and build trust with customers.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.