PlusNet exposes customers' personal data
PlusNet who operate a number of virtual providers including Force9 accidentally emailed the personal details of around 20,000 customers to a list of up to 1,800 customers. It appears the issue was first raised publicly by users on our forums yesterday lunchtime.
The information sent out was in a comma separated spreadsheet format and contained the following fields: "service_id","username","full_name","product_name","subscription_charge", "postmaster_email","alt_email","visp","optout_status","active_status","real_name".
PlusNet are understood to be emailing those affected to apologise and ensure they are aware of what information was leaked. Fortunately, whilst this is a serious incident, it should be pointed out that no credit card, banking or postal address information appears to have being leaked so whilst this is very embarrassing for the company, the damage will be limited. They advise those who may have received the e-mail with the file to delete it.
One Force9 customer who requested to remain anonymous said "I am still a little stunned as to how a company can be so incompetent." and has requested a MAC code to migrate to another provider. This event is the second serious incident with PlusNet's service. Recently, the company lost up to 700GB of e-mail .
The PlusNet User Group has a statement from Ian Wild on the matter, but since links to the PUG website began to be distributed on the Internet, the site became overloaded and it has been restricted to users on the PlusNet network. This statement confirmed that PlusNet has reported the incident to the Information Commissioner who oversees enforcement of Data Protection legislation.
Update 18:30: The PUG website is once again available to non Plusnet users, and can be found at usergroup.plus.net.