I was somewhat bemused to get this email today. Has anyone else got one?
You really couldn't make it up! My fossilised website is still there.
I wish the third party well with all the spam that I left pointing at
nezumi.dcu but wonder if the odd personal contact may have been caught.
--- begin email ----
Important information about
your
names.co.uk services
Dear customer,
As per our previous correspondence, use of the sub-domain(s) below has
now expired, meaning no mail or hosting services can be associated with
them. We have, however, identified a risk to any incoming mail
associated to the sub-domain(s) below, between 31st July and 06th August
2020.
nezumi.demon.co.uk
Security risk and impact
Since spring 2020, we have made you aware of the process of
decommissioning the sub-domain(s) above. Unfortunately, for a short
period of time, a manual error arose during the process to stop your
sub-domain(s) receiving emails.
Between 31st July and 06th August 2020, a connection was incorrectly
established with a third party server, meaning that this server
temporarily logged your now de-activated Demon email address(es) and the
email address(es) of anybody who sent email to that address. Please
note, no email content was ever delivered to the third party, as the
server rejected this content.
We have undertaken a full investigation and have obtained a signed,
legally binding undertaking from the operator of the third party server
confirming that no personal data, including email content, was accessed,
forwarded, viewed or stored. Additionally, we have confirmed through our
technical investigations that the logs were never accessed and have been
permanently deleted.
For the sake of clarity, we want to reassure you there is no question of
your
names.co.uk account or any other associated services having been
compromised.
How did this happen?
As a result of human error, an incorrect dummy domain name was used to
manage the decommissioning process, and this domain was subsequently
registered by a third party.
What have we done to mitigate the problem?
Once we had identified the manual error, the dummy domain was changed
and records updated. Since this happened, we have begun the process of
analysing how the error could have taken place.
We reported the risk to the Information Commissioner’s Office (ICO) and
traced the third party who had registered the dummy domain. We have
obtained a legally binding undertaking, from the third party, and we are
confident that there had been no intention to cause harm or access or
receive data, information or content.
What next?
We appreciate that communicating this security risk may cause you
concern and that it may leave unanswered questions. However, we want to
reassure you that we have investigated and taken appropriate action to
confirm that your personal data was not accessed.
As always, we recommend that you remain vigilant and act promptly in the
event of any unusual activity on any online platforms or channels that
may have been associated with your old email address.
Please accept our apologies for this error and for the concerns it may
have created. If you have any further questions, please get in touch
directly by calling us, emailing us at
d...@names.co.uk or by raising a
ticket in your
names.co.uk Online Control Panel.
Kind regards,
Steve Ewart, Commercial Director
names.co.uk
----end email ----
It strikes me as very bad practice to use a dummy domain that you do not
actually have control of in this situation. "Human error" apparently...
Now where did I leave my bell, Book and candle?
--
Regards,
Martin Brown