Woman threatened after her gym shared her home address with another customer
Data breaches are never out of the news. But while most of us worry about getting our identity or money stolen after a hack, we don't tend to consider the possibility of physical threats. In a recent case, however, our solicitors saw what can happen when a woman's address was handed to an angry customer by mistake.
What happened in this case?
In this data breach, a gym provided the personal details of a woman (our client) to another customer who shared her name.
This other person had received emails from the gym intended for our client. The emails were sent chasing missed payments. Confused as to why she was receiving the emails, the other woman became concerned that she had become the victim of identity theft. And, when she questioned the outstanding payments with the gym, a member of staff supplied her with our client's home address.
Following this, the woman's father went to our client's home and banged on her door, accusing her of attempting to "clone" his daughter's identity. Our client was at home with her two young children, one of whom is disabled, and she found this experience both frightening and upsetting. She then contacted the gym to find out what was going on and received an apology for the mix-up.
However, the other woman's father still did not understand that our client was not at fault. And, when our client returned from holiday, she received three letters from him, all of which contained threats. As a result, she reported the incident to the Police and Action Fraud.
It seems that, despite becoming aware of the situation, the gym continued to send emails to the wrong woman demanding payment. These emails also disclosed part of our client's bank card number.
As a direct result of poor systems, and a failure to cross-reference those systems to identify distinguishing features between the two customers, this data breach has caused our client considerable distress, upset and even fear. As such, the consequences of the error were particularly upsetting.
What can you do to stop this from happening to you?
There are a few lessons that can be learned from this case. For example, when handing over your email address to an organisation, it is vital that you check that these details have been taken down correctly.
You are completely within your rights to ask for a copy of the data a business (or any other organisation) holds about you. This is called making a subject access request (SAR). Find out more about making a SAR.
Of course, this won't guarantee that an error doesn't result in an email going to the wrong address, but it is still a good safety precaution to take.
What's more, if you do find yourself in a similar situation to our client, you should, like her, report the incident to the Police and Action Fraud. Action Fraud is the UK's national reporting centre for fraud and cybercrime in England, Wales and Northern Ireland.
Alternatively, if you are an employee of a gym or any other business and you want to make sure that you don't make a similar mistake, talk to your employer about any processes that can be put in place to make sure that the information you hold on your customers is correct. Such steps could include things like additional data protection training, and checks and balances on systems generating correspondence.
For more advice on how to keep your data safe, follow Hayes Connor on Twitter or give us a like on Facebook. Alternatively, if you have been the victim of a data breach or cyber fraud, find out how we can help you recover any losses or give us a call on 0151 363 5895 to discuss your case in more depth.