# Security breach n Ebay



## Pudsey_Bear (Sep 25, 2008)

I was interested in a van on Ebay earlier today, I asked for more pictures, and I got them about an hour ago via Whatsapp, Ebay gave my mobile number out with my outgoing message.

I am awaiting their response as they say this can't happen, I've sent them two screenshots of two message to the seller, both have my mobile and a landline number I had when I first joined Ebay


----------



## jiwawa (Jun 22, 2007)

Just what you DON'T want happening Kev.


----------



## patp (Apr 30, 2007)

As if life isn't stressful enough!


----------



## GMJ (Jun 24, 2014)

Pudsey_Bear said:


> I was interested in a van on Ebay earlier today, I asked for more pictures, and I got them about an hour ago via Whatsapp, Ebay gave my mobile number out with my outgoing message.
> 
> I am awaiting their response as they say this can't happen, I've sent them two screenshots of two message to the seller, both have my mobile and a landline number I had when I first joined Ebay


That's quite alarming Kev.

Let us know what they say...when/if you get a response.


----------



## raynipper (Aug 4, 2008)

Your in good company Kev. Boris has had his phone number posted for all to see.

Ray.


----------



## fdhadi (May 9, 2005)

I’m sure Boris has got mine and everyone else’s.


----------



## Penquin (Oct 15, 2007)

File a formal complaint with the Data Protection organisation but do it URGENTLY, ideally within 72 hours of discovering the breach;

https://ico.org.uk/for-organisation...ction-regulation-gdpr/personal-data-breaches/

Scroll down that page, to the "At a glance" sections some way down.

It is a serious breach of your personal data, it needs responding to in that manner, DO NOT WAIT FOR EBAY TO GLOSS OVER IT.


----------



## Pudsey_Bear (Sep 25, 2008)

I had a look yesterday at this.

https://www.gov.uk/data-protection/make-a-complaint


----------



## Penquin (Oct 15, 2007)

I followed through from that page, with the link at the bottom and putting in what I suspect would be your answers eg the organisation has shared your data with someone else, they have responded but not with a "full and final" response and end up at this page;

https://ico.org.uk/make-a-complaint...oncerns/personal-information-concerns-report/

Interesting exercise as it is not something I have ever tried before, needless to say I have not lodged it as against fleabane, or any name whatsoever as I do not have such information 😊

I hope that you do get some sort of explanation, it's not from a company that you have ever been in touch with before is it ?


----------



## Pudsey_Bear (Sep 25, 2008)

No, it was just a request for pictures of a van we were interested in, the wrong layout for us but a nice van.

I'm not sure there is much point in my persuing it or not to be honest.


----------



## Pudsey_Bear (Sep 25, 2008)

I just got a response from Ebay.

*Hello Kev,

Thank you for writing back to eBay and sharing the screenshot.

Kev, I am really sorry for the inconvenience you have faced in this matter, however I would like to share that we have not shared any of your details with the seller. Through the messages it seems that you have mistakenly added this details in the messages. Rest assured, we never share any personal details with the seller.

We regret for the inconvenience and appreciate your patience and understanding in this matter.

I appreciate the opportunity to have helped you with this information. For further assistance, please feel free to get back to us, we will be more than happy to assist you.

Kind Regards,

Roshni V.

eBay Customer Support*


----------



## Penquin (Oct 15, 2007)

So, it’s all your fault but they don’t really explain how “you mistakenly added these details”, are you able to work out if what they say is true, or an attempt to cover an error on their behalf ?


----------



## Pudsey_Bear (Sep 25, 2008)

I know it's bull****, the first number is my current number, the second is my girlfriends about 16 years ago as we used to sell from the same account so extremely unlikely that I would remember it, and also why would I give it out.

I've edited out my personal details.


----------



## Penquin (Oct 15, 2007)

In which case, presumably you will challenge them at the highest level, pointing out how impossible it would have been for her answer to be feasible ?

I know I would....


----------



## Pudsey_Bear (Sep 25, 2008)

I already asked them why they are lying to me, and given them the remainder of the 72 hours to respond honestly.


----------



## raynipper (Aug 4, 2008)

Fraud all over the web.

https://www.theguardian.com/money/2...cams-but-fraudsters-are-getting-off-scot-free

Ray.


----------



## Penquin (Oct 15, 2007)

and in No. 10 ? 

Some examples of allegedly questionable activity from there;

Awarding contracts to eg ferry companies that have never operated Ferries’s, own no boats and are a shell company ?

PPE equipment contracts that deliver unusable items at inflated prices from countries that have no expertise by pest control companies ?

Test and trace app contract to a close contact at a many million pound cost, it fails at its first limited trial and seems to have disappeared into the dust ?

A test and trace system employing people to sit around for weeks before being laid off and which spectacularly fails to meet any expected results, but the MP’s wife running it is safe in the Lords and never makes public statements ?

As you say, fraud is widespread and is only a step away from cronyism....


----------



## Pudsey_Bear (Sep 25, 2008)

Can we stick to eBay or it'll just get to be a messy thrad.


I sent an email reporting Ebay, so we'll just have to see what happens next.


----------



## raynipper (Aug 4, 2008)

Just giving yours a bump Kev cos I couldn't find the scams thread. Must try harder.

Ray.


----------



## Pudsey_Bear (Sep 25, 2008)

I'll let you off then Ray


----------



## Pudsey_Bear (Sep 25, 2008)

Just got a pretty useless response from ICO why do they blame covid for everything, most large outfits are working from home by now.

*To read this email in English click here

I darllen yr ebost yn y Gymraeg, cliciwch yma

Thank you for contacting the Information Commissioner's Office. We confirm that we have received your correspondence. During the Coronavirus pandemic, please see our website for updates on the service you can expect from us during this time. You can also call us on 0303 123 1113 or contact us via live chat.

If you have asked us for advice - we will respond within 14 days. While you wait, you should regularly check our website for relevant guidance, as we are updating this all the time. You should also read our GDPR myth busting blogs. If you have raised a question that we have answered on our website, we may respond by sending you a link to it. But we will do our best to provide you with the information you need.

If you have made a new complaint - we're unlikely to look into it unless you have raised it with the responsible organisation (for a data protection complaint) or the responsible public authority (for a freedom of information complaint) first. Please make sure you have sent us a copy of their final response to you. We will assign your complaint to a case officer as soon as we can, and they will contact you in due course.

If your correspondence relates to an existing case - we will add it to your case and consider it on allocation to a case officer. If you believe we have either failed to take appropriate steps to respond to your data protection complaint, or we do not provide you with information about the progress or outcome of your complaint within the next three months, you may be able to apply to the First-tier Tribunal to require us to respond to your complaint or to provide you with information about its progress.

If you represent an organisation and you are reporting a personal data breach under the GDPR or the Data Protection Act 2018 - we aim to contact you within seven days to confirm receipt and to provide you with a case reference number. If you want advice urgently, you should telephone our helpline on 0303 123 1113. If we consider the incident is minor or you have indicated that you do not consider it meets the threshold for reporting, you may not receive a response from us, or we may respond by sending you a link to the relevant part of our guidance. You can find out more about data breach reporting on our website.

Where a significant cyber incident occurs, you may also need to report this to the National Cyber Security Centre (the NCSC). To help you decide, you should read the NCSC's guidance about their role and the type of incidents that you should consider reporting.

Incidents that might lead to a heightened risk of individuals being affected by fraud, should be reported to Action Fraud - the UK's national fraud and cybercrime reporting centre. If your organisation is in Scotland, then reports should be made to Police Scotland.

If you are a Communications Service Provider reporting a security breach under the Privacy and Electronic Communications Regulations - you will need to report the security breach via this secure portal.

If you represent an organisation and are reporting a potential incident under the NIS Directive - we will contact you as soon as we can. You can find out more about the NIS Regulations on our website.

If you represent an organisation and you are reporting a security breach within the definition of the eIDAS regulation - we will contact you as soon as we can. You can find out more about the eIDAS regulation on our website.

If you have reported spam email - we are unlikely to need to contact you again, unless we need more information to help with our investigations. We publish details about the action we've taken on nuisance messages on our website.

If you have asked for information you think we might hold - we will contact you if we need any more information to help us respond. Otherwise, we will respond within our public and statutory service levels.

If you have only copied your correspondence to us - we will not respond.

There is more information on our service standards and what to expect webpage. You can also call 0303 123 1113. We welcome calls in Welsh on 0330 414 6421. You can also contact us on live chat.

For information about what we do with personal data please see our privacy notice.

Yours sincerely

The Information Commissioner's Office

Our newsletter
You can sign up to our monthly e-newsletter*


----------



## raynipper (Aug 4, 2008)

Thats brilliant Kev. I will keep that as an automated reply to any official enquiries about tax, residency, difficult questions, etc. Just change the numbers.

Ray.


----------



## Penquin (Oct 15, 2007)

Are the side effects including losing weight and gaining weight too ?

That letter covers everything but says absolutely nothing, it is a superb example in obstructiveism......


----------



## Pudsey_Bear (Sep 25, 2008)

It takes a government to talk real bo11ocks


----------



## GMJ (Jun 24, 2014)

Pudsey_Bear said:


> I already asked them why they are lying to me, and given them the remainder of the 72 hours to respond honestly.


Any news Kev?


----------



## Pudsey_Bear (Sep 25, 2008)

It's a government department so I'm not holding my breath.


----------



## Pudsey_Bear (Sep 25, 2008)

Good job I didn't


Update


Thank you for your email of 5 May 2021.

The ICO is currently reviewing your complaint about eBay's information rights practices. We will be in touch as soon as we have an update. 

Thank you for your patience. 

Yours sincerely,


----------



## Pudsey_Bear (Sep 25, 2008)

Update from ICO




18 June 2021

Case Reference Number: IC-104503-J0Y9

Dear Kevin,

Thank you for submitting a complaint about the processing of your personal information.

The ICO’s role

Part of our role is to consider complaints from individuals who believe there has been an infringement of the data protection law.
We deal with complaints like this under section 165 of the Data Protection Act 2018 which requires us to take steps to respond to complaints including investigating to the extent that we feel is appropriate. It also requires us to inform the complainant of the outcome of their complaint.

We use complaints to build up a picture of an organisation’s information rights practices so that we can identify and target poor performing organisations. Details of the action we have taken is available on our website.

Your complaint

You have informed the ICO that your mobile number has been disclosed by eBay to a third party without your consent. 

The outcome of your complaint

We have considered the issues that you have raised with us and our decision is that there is more work for the organisation to do.

We have therefore raised your issues with the Chief Executive, via the Data Protection Officer, explaining that we want them to work with you to resolve any outstanding matters.

One of the ICO’s strategic goals is to increase the public’s trust and confidence in how personal data is used and made available. Data Controllers are responsible for ensuring they adhere to the law, and the principles of the Data Protection Act, and that includes making sure that individuals understand how that applies to their circumstances, and the processing that they are carrying out.

In your case, we expect the organisation to fully address your complaint by telling you what they are going to do to put things right, or if they believe they have met their data protection obligations by explaining fully how they have done so.

We have allowed the organisation 28 days to consider the issues that you have raised with us and to consider next steps in your case. As such we have closed your case and don’t intend to take any further action. However, if you don’t hear back from the organisation after 28 days then please let us know.

Thank you for bringing this matter to our attention. We have recorded the issues and the details of the organisation that you complained about to help us to better understand how data controllers are dealing with information rights issues.

Yours sincerely,


----------



## jiwawa (Jun 22, 2007)

Pudsey_Bear said:


> ....we have closed your case and don't intend to take any further action. However, if you don't hear back from the organisation after 28 days then please let us know.


Why have they closed your case if there's a possibility you might have to contact them about it again? Sounds like a fob off to me.


----------



## Webby1 (Mar 11, 2012)

Not only fascinating how it might have happened in the first place..........BUT how they are actually dealing with it......fobbing off is right.

Not intending to detract from OP.......but a while back I e mailed a genuine complaint about a Wetherspoons (I hate everything about him except his pubs) 

Anyway expected a response along the lines of.............sorry about that here's £5 voucher....................we value you as a customer. 
Instead I got.............we do not accept your complaint and we will not engage in any further discussion about this matter.

Sadly I think it's the future for many "customer services"................we're not interested............what are you going to do about it.


----------



## Pudsey_Bear (Sep 25, 2008)

Trip advisor and google reviews are quite useful if you have problems.


----------



## Pudsey_Bear (Sep 25, 2008)

Update from Ebay

eBay
eBay Privacy - Your ICO complaint SR# 1-348767741807

Dear Mr

I am writing to you in relation to your ICO complaint concerning your personal data which was shared with an eBay seller.

We have investigated the matter for you and can confirm that this matter concerns a listing placed in the "Classifieds Ad" format. eBay sellers can choose to place a Classified Ad for items falling under specific categories, including motor vehicles. As also explained on eBay's Help Page "Selling with Classified Ads", this type of listing differs from other selling formats on eBay, in that the transaction is not concluded within the eBay platform but rather directly between the seller and the buyer.

Interested buyers viewing a Classified Ad are notified of the following: "This is a classified ad listing. There is no bidding on this item, so contact the seller for more information."

When interested buyers select the "Email/Contact the seller" option found in each Classified Ad listing, they are directed to a contact form which also includes a section called "Your contact information". This section includes fields containing the name and phone number registered under the contacting user's account. This information is clearly visible to the contacting user when completing the contact form, and there is also the possibility to change or remove those details before proceeding to send the message to the seller.

In view of the above, your contact details were not forwarded to the other party without your knowledge, since they were included in the form you completed to contact the seller. eBay processed your personal data in this case for the purpose of fulfilling its contractual obligations to you, namely to facilitate direct communication for a potential transaction between you and the seller of the item you were interested in (please also refer to section 5.1. of eBay's User Privacy Notice).

We hope that the above clarifies the situation and that it can help resolve the matter. We, however, remain available to respond to any further questions you may have.

Kind regards

Patrick

eBay

[THREAD ID:1-4G7ZB3W3]


----------



## GMJ (Jun 24, 2014)

Does that answer your query/complaint Kev?


----------



## Pudsey_Bear (Sep 25, 2008)

I think so.


----------



## bilbaoman (Jun 17, 2016)

So you need to remove your details before contacting seller when buying contacting a person selling using a classified add and it looks like Ebay offers no protection at all if something goes wrong when buying from a classified add. Thanks for the information


----------

