AX Keeping drivers driving personal data breach

[colin11]

Hi there,

 

Looking for some advice, Over a year ago i was involved in a minor trffic accident, It was totally my fault as i was changing lanes and clipped another car causing a scrape on the front wing of the car i hit, The guy who's car it was has taken full advantage of that, Later that day i was contacted by a claims management company and he has claimed for a hire car, And personal injury despite a very very tiny accident

 

The above is just for information as to what has lead upto the current situation, Though i dont agree with all that he has claimed for, I kind of understand

 

Today i have received a letter from AX Keeping drivers driving informing me that my data that they were holding was stolen and the police are involved but they believe that the data they have stolen is "Unlikely" to be used for identity theft or fraud

 

I rang the number that they supplied in the letter and got through to Experian who are dealing with the data breach, They told me what data of mine was stolen

 

 

Name

Address

Mobile number

Email address

Car details including reg number

My insurance information

 

I have never had dealings personally with this company and i am not happy that they were holding so much information about me

There seems to be enough information for someone to be able to cause me some problems

 

Can anyone please offer any advice

 

Colin

 

 

Document_2021-05-18_164003.pdf

Edited May 18, 2021 by colin11

[BankFodder]

I think I would send them to letters – separately – separate envelopes.

One of them would be an SAR.

Second one would be an acknowledgement of the letter and asking them how they came by the personal data which they have been holding on you.

[dx100uk]

I'd be more concerned about the fleecing driver that is going to cost you £1000's in bogus claims if you don't play this properly

any dashcam footage, you him, other motorists-  any witnesses??

[colin11]

I was told on the phone that the information they held was supplied by the 3rd party, My insurance company is Axa and as much as I have tried to talk to them about the claim, I just can't get through to them

 

No dash cam footage or witnesses, I did hit him, That is not disputed, At the time he told me he would get his cousin to look at it, It was a very rusty old car with holes is the wing that I grazed, A few hours later I got a call from the accident group, 

I will send a SAR to AK, I can understand a claims management company having my information, But a hire company ? Something is off there 

Edited May 18, 2021 by colin11
Added a bit

[dx100uk]

the hire company might well have been rightly fwded your details as you caused the accident (have you admitted this in writing?) , so they know who to bill.

 

 

[colin11]

Nothing in writing at all, I told my insurance company i had an accident and thats it, They sorted the repair of my car, And ive heard nothing since from them, I got a letter a year later from his solicitors saying he was claiming for injury, But that was for information only 

[dx100uk]

ok don't think you've anything to worry about there then.

they had a legit reason to hold your data then in-case there was a claim made for hire car costs, as you'll see here thats quite a common scam that goes on now, . 

 

so they got hacked, and have, quite rightly told you so.

 

 

 

[daveb3553]

I created an account specifically to reply to this thread. 

 

I received a text message from AX informing me of a data breach. 

 

What was leaked for me was:

Claim Reference,

Name,

Address,

Telephone number,

Email Address,

Insurer details,

Vehicle make and model,

Accident details,

Repairer details and limited details in respect of the thirdparty driver. 

 

In your case, your the 3rd party. (your information was passed across by your insurance company) which is in your insurance contract. 

 

 

I've contacted xxxxxx. who are starting a claim for me as a GDPR breach to this level is really bad and carry legal (and settlement) figures. 

 

Just advice, your data has been mis handled. 

Do something about it. 

 

Just Google data breach, you'll find allot of companies. 

 

Hope this helped. 

Regards

David

[colin11]

So far I have submitted a SAR request, They have acknowledged receiving it today, Will wait for that to come back and go from there 

[unclebulgaria67]

I have a feeling that data breaches are on the increase.  Companies harvest so much data, that they have difficulty controlling it.

[daveb3553]

The whole point of GDPR is recognition of how valuable data is. 

 

And thus, destroy it when it is no longer absolutely necessary to have it. 

[dx100uk]

Despite the apparent strictness of the GDPR’s data retention periods, there are no rules on storage limitation.

 

Organisations can instead set their own deadlines based on whatever grounds they see fit. The only requirement is that the organisation must document and justify why it has set the timeframe it has.

 

The decision should be based on two key factors:

the purpose for processing the data,

and any regulatory or legal requirements for retaining it.

 

As long as one of your purposes still applies, you can continue to store the data.

[unclebulgaria67]

I have done DPA records management and the task is very difficult, because companies ask staff to ensure they comply with the legal standards required, providing them with guidance.

 

But in a large company handling a lot of data, mistakes will be made and some staff will find alsorts of non compliant ways to make their daily job easier.  There are IT system controls in place restricting where files can be saved, but  staff don't register details for each file. So they lose track of what data they have collected, purpose, storage period etc.

 

And one issue that has always troubled me, is companies storing data outside of the UK. How many people realise that their data could be stored in US, India, South Africa etc ?

[colin11]

Well, on the back of this I put a bad review of AX on Trustpilot which firstly resulted in a phone call from AX telling me they held no payment details for me at all in their data and also they tried to get the review removed 

So I sent a copy of the letter AX sent me and now my review is verified

 

I await my SAR  

[unclebulgaria67]

I think companies should be required to register a record for every person they hold any data for.  And then people could check on a central database which companies hold their data and send SAR's.