Arnold Clark data breach
Discussion
We use quite a few passwords (for different services) on the company machines...most have to be changed every 3 months...and most have different requirements. i.e. some need a special character, some don't or won't allow them; some need more than 12 characters; some need maximum of 8 characters; some don't like foreign characters...which is a pain on non-English keyboards.
So, how does the company expect you to remember a random jumble of words/characters that follow no pattern, and changes frequently?
We're not allowed to store passwords in the browser, we're not allowed to install/use a password manager, we're weren't allowed to use the built-in fingerprint/windows hello features of the laptops until last month. We're not allowed to use YubiKey and the like.
So, most people store their passwords in a notebook, or on OneNote / StickyNotes / Notepad on the laptop.
So, how does the company expect you to remember a random jumble of words/characters that follow no pattern, and changes frequently?
We're not allowed to store passwords in the browser, we're not allowed to install/use a password manager, we're weren't allowed to use the built-in fingerprint/windows hello features of the laptops until last month. We're not allowed to use YubiKey and the like.
So, most people store their passwords in a notebook, or on OneNote / StickyNotes / Notepad on the laptop.
mmm-five said:
We use quite a few passwords (for different services) on the company machines...most have to be changed every 3 months...and most have different requirements. i.e. some need a special character, some don't or won't allow them; some need more than 12 characters; some need maximum of 8 characters; some don't like foreign characters...which is a pain on non-English keyboards.
So, how does the company expect you to remember a random jumble of words/characters that follow no pattern, and changes frequently?
We're not allowed to store passwords in the browser, we're not allowed to install/use a password manager, we're weren't allowed to use the built-in fingerprint/windows hello features of the laptops until last month. We're not allowed to use YubiKey and the like.
So, most people store their passwords in a notebook, or on OneNote / StickyNotes / Notepad on the laptop.
Problem there is your company is asking you to do the right thing but isn't giving you the tools to let you do it properly.So, how does the company expect you to remember a random jumble of words/characters that follow no pattern, and changes frequently?
We're not allowed to store passwords in the browser, we're not allowed to install/use a password manager, we're weren't allowed to use the built-in fingerprint/windows hello features of the laptops until last month. We're not allowed to use YubiKey and the like.
So, most people store their passwords in a notebook, or on OneNote / StickyNotes / Notepad on the laptop.
iphonedyou said:
Too much 'Suits' for anyone suggesting they'll be joining a class action in the UK.
In fairness, if jurisdiction is held to be in Scotland (rather than English & Welsh law) then there are now provisions in Scottish law for group litigation.I’m no expert but I believe that there can be grounds under Scottish law for opt-in actions.
We know that in English law Lloyd v Google put paid to class actions for data breaches, so I expect that AC’s lawyers will be seeking to apply that in the Scottish courts.
As for how much one can expect to recover for injury to feelings - the last time the leading KC (QC when I spoke to her) guided me was £250-£750 for a data loss of a similar type. Since then there has been the Rolfe judgment, which has confirmed the position that a de minimis threshold must be reached to be able to bring a claim for distress.
Wait to see what data has been lost and then try not to listen to the ambulance chasing lawyers who’ll promise you everything and deliver nothing. If there is a credible class action, great, but that’s a long and lonely road if it even gets off the ground.
I was notified a couple of days ago.
Does anyone know if the stolen data also includes payment card details - account number, sort code, 3 digit number on back of card?
I'd like to think it was encrypted to within an inch of it's life but in this case I'm assuming nothing.
Anyway, I called the help line setup by Arnold Clark and got a fairly useless individual who said they'd forward the question on and expect a response in 3-5 working days - you would have thought they'd have a lot of this basic info to hand rather than passing it on to someone else to answer.
Does anyone know if the stolen data also includes payment card details - account number, sort code, 3 digit number on back of card?
I'd like to think it was encrypted to within an inch of it's life but in this case I'm assuming nothing.
Anyway, I called the help line setup by Arnold Clark and got a fairly useless individual who said they'd forward the question on and expect a response in 3-5 working days - you would have thought they'd have a lot of this basic info to hand rather than passing it on to someone else to answer.
OMITN said:
As for how much one can expect to recover for injury to feelings - the last time the leading KC (QC when I spoke to her) guided me was £250-£750 for a data loss of a similar type. Since then there has been the Rolfe judgment, which has confirmed the position that a de minimis threshold must be reached to be able to bring a claim for distress.
I respect your well informed knowledge and you are only the messenger here . So your saying that people on here who are fast to gob off on their key board and act like "Mr I am look at me everybody" are going to be claiming for hurt feelings
That made me fall off the chair laughing
Guess what .... You lot gave them the feckin details in the first place
jeremyh1 said:
I respect your well informed knowledge and you are only the messenger here .
So your saying that people on here who are fast to gob off on their key board and act like "Mr I am look at me everybody" are going to be claiming for hurt feelings
That made me fall off the chair laughing
Guess what .... You lot gave them the feckin details in the first place
u ok hun? xSo your saying that people on here who are fast to gob off on their key board and act like "Mr I am look at me everybody" are going to be claiming for hurt feelings
That made me fall off the chair laughing
Guess what .... You lot gave them the feckin details in the first place
jeremyh1 said:
I respect your well informed knowledge and you are only the messenger here .
So your saying that people on here who are fast to gob off on their key board and act like "Mr I am look at me everybody" are going to be claiming for hurt feelings
That made me fall off the chair laughing
Guess what .... You lot gave them the feckin details in the first place
No, distress. A well established legal principleSo your saying that people on here who are fast to gob off on their key board and act like "Mr I am look at me everybody" are going to be claiming for hurt feelings
That made me fall off the chair laughing
Guess what .... You lot gave them the feckin details in the first place
In the law of tort.
As for your fatuous comment about giving the details I’m the first place, of course: how do you expect businesses to operate and individuals to be able to operate. There are very clear duties to protect personal data in law (statutory and common), none of which are controversial or hard to understand.
Well, except for some. Don’t bother replying - I know the rules of arguing with an idiot.
pablo said:
I know you mean well but This is a pretty terrible idea in all honesty. Here’s what the National Cybersecurity Centre say, look for guidance on “three random words.”
link
Way ahead of you there. link
I’ve already upgraded all my passwords to ‘password456’ and I’ve also implemented 2 factor authentication.
Well, it’s a post-it note with ‘password456’ written on it in biro, stuck to my PC, but I class it as 2FA.
OMITN said:
No, distress. A well established legal principle
In the law of tort.
As for your fatuous comment about giving the details I’m the first place, of course: how do you expect businesses to operate and individuals to be able to operate. There are very clear duties to protect personal data in law (statutory and common), none of which are controversial or hard to understand.
Well, except for some. Don’t bother replying - I know the rules of arguing with an idiot.
You cant say don't bother replying because you consider your side of the argument to be correct who exactly do you think you are?In the law of tort.
As for your fatuous comment about giving the details I’m the first place, of course: how do you expect businesses to operate and individuals to be able to operate. There are very clear duties to protect personal data in law (statutory and common), none of which are controversial or hard to understand.
Well, except for some. Don’t bother replying - I know the rules of arguing with an idiot.
Its just not my world
I actually live in the countryside where this sort of thing never enters my mind , Just don't need to worry about It
I am flabbergasted that so many people are scared to death of this. Horrendous things could happen to you and I hope they don't but this is not one of them
I'm guessing most of you are younger than me I think should all try to enjoy life a bit more
jeremyh1 said:
Its just not my world
I actually live in the countryside where this sort of thing never enters my mind , Just don't need to worry about It
I am flabbergasted that so many people are scared to death of this. Horrendous things could happen to you and I hope they don't but this is not one of them
I'm guessing most of you are younger than me I think should all try to enjoy life a bit more
So anyone at risk of online identity theft and fraud should move to the countryside to escape the risk? I actually live in the countryside where this sort of thing never enters my mind , Just don't need to worry about It
I am flabbergasted that so many people are scared to death of this. Horrendous things could happen to you and I hope they don't but this is not one of them
I'm guessing most of you are younger than me I think should all try to enjoy life a bit more
It's obvious you don't understand the problem.
Edited by Driver101 on Saturday 25th February 08:00
How does their countryside immunity thing work? I used to live properly in the middle of nowhere so obviously was completely safe, but now I’ve moved to a village of a couple of thousand, is it a sliding scale where now they’ll only be able to get stuff which doesn’t matter much or should I be bricking it?
FredericRobinson said:
How does their countryside immunity thing work? I used to live properly in the middle of nowhere so obviously was completely safe, but now I’ve moved to a village of a couple of thousand, is it a sliding scale where now they’ll only be able to get stuff which doesn’t matter much or should I be bricking it?
None I'm just not so highly strung as you people I dont get the problem
The only organisation with my Passport and personal details are the airlines and if your buying a car why the hell do you give them all this info
We just do bank transfers we don't need to give them our DLs ect I don't know how you people get yourselves n such a mess!
Then panic about something that will never happen!
If it is about gaining compensation then just state that clearly but stop acting like a bunch of old women
jeremyh1 said:
None I'm just not so highly strung as you people
I dont get the problem
The only organisation with my Passport and personal details are the airlines and if your buying a car why the hell do you give them all this info
We just do bank transfers we don't need to give them our DLs ect I don't know how you people get yourselves n such a mess!
Then panic about something that will never happen!
If it is about gaining compensation then just state that clearly but stop acting like a bunch of old women
You think online fraud doesn't happen in the countryside. Now you can't think of a reason why a car dealer would require to see your driving license. I dont get the problem
The only organisation with my Passport and personal details are the airlines and if your buying a car why the hell do you give them all this info
We just do bank transfers we don't need to give them our DLs ect I don't know how you people get yourselves n such a mess!
Then panic about something that will never happen!
If it is about gaining compensation then just state that clearly but stop acting like a bunch of old women
You're getting abusive, sexist and condescending to people whilst making a fool of yourself. It's worrying seeing someone with so little common sense.
jeremyh1 said:
Ha ha I called you a bunch of old women and you say that it's sexist!
There you go exactly what I mean. This is a perfect example of our fecked up modern society reflecting everything in this thread.
Looks like someone has been a good boy though and turn up for his diversity training
Jeremy, put the keyboard away. There you go exactly what I mean. This is a perfect example of our fecked up modern society reflecting everything in this thread.
Looks like someone has been a good boy though and turn up for his diversity training
Gassing Station | General Gassing | Top of Page | What's New | My Stuff