A customer purchased travel related services from a company. The company sent him an email with a link to his booking details on its website. The customer noticed that the website url link ended with his booking number. He observed that by changing the booking number, he could view booking details for other customers. He realised that other individuals would also be able to view his booking information.
The booking details included personal information about customers like:
• Name
• Address
• Phone number
• Email address
• Vehicle registration
• Travel datesThe customer was concerned about this information being disclosed. He contacted the company asking it to secure his personal information on its website, but it did not respond. He then complained to us.
Read more about the investigation and outcome on the Privacy Commissioner of New Zealand’s web site.
Via @JCELaw