Jump to content


  • Tweets

  • Posts

    • We purchased our Mercedes in September 2023 from Doves in Horsham for £21000, paying half cash and half on finance. We also purchased warranty for life via Ramp as recommended by Doves. On 12th May 2024 the car failed to recognise the key and wouldn’t not open, the AA could not identify the problem so via our warranty the car was taken to Mercedes in Croydon. After 3 weeks the problem was finally identified as water ingress in the drivers side footwell which has corroded and blown various components. After further investigation it was discovered the windscreen was date stamped 2019 (all the windows are 2018 - therefore not the factory fitted windscreen) The leak has developed due to incorrect sealant being used assuming when this was replaced and also water leaking from the seam. The warranty company do not cover water ingress so we are now faced with a bill of £3635. As we are now at 8 months since purchase (problem started at just over 7 months) we are not covered by the consumer rights acts. Would we be covered Sale of Goods Act? We have all the reports for the works being completed but unsure if this should be taken to the finance company or Doves who we purchased the car from. Do we pay for the works and then try and claim it back or should they be paying? Any help would be much appreciated
    • im also wondering if back billing applies here too . from looking at like threads around this SSE to ovo compulsory switch, it must be evidenced by the claimant that bills were regularly issued for the period of the supply the debt they claim covers. there are no threads here that show they could ever produce them, so back billing rules (12mts) might also play a part.
    • Vodafone have reported that they are having issues with their Credit File APIs into the Credit Reference Agencies where aged accounts over 6 years are being readded to Credit Files. In some instances, people are having defaults rescinded and changed to late payment status making the account live again!    --- Have you been affected? Please keep an eye out on your credit file for any  new Vodafone Account appearing where there shouldnt be any reason. If you are a Vodafone Customer - Check that the information is correct. check for Late Payments and Defaults.    Don't forget to consider the financial impacts this could have on you.  ---   If you are struggling - Post below and we can guide you to get the result you need!    Its been reported that Experian and TransUnion seem to be where these appear.  They are able to remove the information relatively quickly and it will reflect on next Credit File Refresh.         
  • Our picks

    • If you are buying a used car – you need to read this survival guide.
      • 1 reply
    • Hello,

      On 15/1/24 booked appointment with Big Motoring World (BMW) to view a mini on 17/1/24 at 8pm at their Enfield dealership.  

      Car was dirty and test drive was two circuits of roundabout on entry to the showroom.  Was p/x my car and rushed by sales exec and a manager into buying the mini and a 3yr warranty that night, sale all wrapped up by 10pm.  They strongly advised me taking warranty out on car that age (2017) and confirmed it was honoured at over 500 UK registered garages.

      The next day, 18/1/24 noticed amber engine warning light on dashboard , immediately phoned BMW aftercare team to ask for it to be investigated asap at nearest garage to me. After 15 mins on hold was told only their 5 service centres across the UK can deal with car issues with earliest date for inspection in March ! Said I’m not happy with that given what sales team advised or driving car. Told an amber warning light only advisory so to drive with caution and call back when light goes red.

      I’m not happy to do this, drive the car or with the after care experience (a sign of further stresses to come) so want a refund and to return the car asap.

      Please can you advise what I need to do today to get this done. 
       

      Many thanks 
      • 81 replies
    • Housing Association property flooding. https://www.consumeractiongroup.co.uk/topic/438641-housing-association-property-flooding/&do=findComment&comment=5124299
      • 161 replies
    • We have finally managed to obtain the transcript of this case.

      The judge's reasoning is very useful and will certainly be helpful in any other cases relating to third-party rights where the customer has contracted with the courier company by using a broker.
      This is generally speaking the problem with using PackLink who are domiciled in Spain and very conveniently out of reach of the British justice system.

      Frankly I don't think that is any accident.

      One of the points that the judge made was that the customers contract with the broker specifically refers to the courier – and it is clear that the courier knows that they are acting for a third party. There is no need to name the third party. They just have to be recognisably part of a class of person – such as a sender or a recipient of the parcel.

      Please note that a recent case against UPS failed on exactly the same issue with the judge held that the Contracts (Rights of Third Parties) Act 1999 did not apply.

      We will be getting that transcript very soon. We will look at it and we will understand how the judge made such catastrophic mistakes. It was a very poor judgement.
      We will be recommending that people do include this adverse judgement in their bundle so that when they go to county court the judge will see both sides and see the arguments against this adverse judgement.
      Also, we will be to demonstrate to the judge that we are fair-minded and that we don't mind bringing everything to the attention of the judge even if it is against our own interests.
      This is good ethical practice.

      It would be very nice if the parcel delivery companies – including EVRi – practised this kind of thing as well.

       

      OT APPROVED, 365MC637, FAROOQ, EVRi, 12.07.23 (BRENT) - J v4.pdf
        • Like

Data Protection Breach - Passwords disclosed / stored


style="text-align: center;">  

Thread Locked

because no one has posted on it for the last 3753 days.

If you need to add something to this thread then

 

Please click the "Report " link

 

at the bottom of one of the posts.

 

If you want to post a new story then

Please

Start your own new thread

That way you will attract more attention to your story and get more visitors and more help 

 

Thanks

Recommended Posts

I wasn't sure which forum to post this in however decided on the CRA forum as I would imagine those on here would have the best knowledge of Data Protection.

 

The long story cut short

is that a very large UK business has disclosed my password for my account with them to various other bodies including several solicitors acting for them and have also submitted this information to the HM courts as a part of their "evidence" to defend my claim.

 

 

The account is still very much active and had I not gone through their bundle with a fine tooth comb

I would not have spotted the breach.

 

 

This information has already been on circulation for some time now with their solicitor and now the courts.

 

My concern is the format in which the password has been disclosed is in the form of a "screenshot" of their computer system which would indicate that all of their operators also have complete access to the whole password.

 

 

I had always understood that passwords were stored in such a manner as the operator would only ever have access to 2 letters / characters.

 

 

If this is the case then it would seem to be quite a serious breach of data protection in itself that passwords are stored like this.

 

 

In my own case to say I am furious that my password has been circulated to the courts and their solicitor would be an understatement and I would l like advice on how you would deal with this.

 

 

I would rather not say the company at this time as I do not want to compromise my own case,

however this is a very large UK business.

Link to post
Share on other sites

  • Log in to the account and change the password (if at all possible).
  • Report the breach to the information Commissioner's Office.
  • Send a strongly worded letter of complaint to the data controller of this company - Inform him that you will hold him personally liable for any losses incurred.

If/when you get opportunity to make a statement in court, point out this gross breach of confidentiality - Passwords should never be disclosed and should always be encrypted (basic and fundamental principle of computer security).

PLEASE HELP US TO KEEP THIS SITE RUNNING

EVERY POUND DONATED WILL HELP US TO KEEP HELPING OTHERS

 

 

No... you can't eat my brain just yet. I need it a little while longer.

Link to post
Share on other sites

Thanks for the advice.

 

I'm still calming down from the rage of seeing what they had done.

 

In the bigger picture, the concern is that they're systems seem to be able to show the password to anybody who had access. I had, foolishly, assumed that when asked for say the 3rd and 7th letter of the password that would be all the call centre operator would be able to see. It would seem they have access to the whole password. Potentially should somebody use the same password for various accounts this could be catastrophic in the wrong hands.

Link to post
Share on other sites

Ah, a pass phrase used to verify a caller (for example) using a telephone banking service - Not quite the same thing as a login password, but still open to abuse if it fell in to the wrong hands.

 

Still worth raising the issue with the ICO and any regulating bodies governing this business.

PLEASE HELP US TO KEEP THIS SITE RUNNING

EVERY POUND DONATED WILL HELP US TO KEEP HELPING OTHERS

 

 

No... you can't eat my brain just yet. I need it a little while longer.

Link to post
Share on other sites

A Formal Complaint to the Data Controller of the company concerned, this ensures that your complaint is dealt with and responded to within 56 days.

 

 

Is the "password" vital to their defence?

Any Letters I Draft are N0T approved by CAG and no personal liability is accepted.

Please Consider making a donation to keep this site running!

Nemo Mortalium Omnibus Horis Sapit: Animo et Fide:

Link to post
Share on other sites

  • Recently Browsing   0 Caggers

    • No registered users viewing this page.

  • Have we helped you ...?


×
×
  • Create New...