02.03.09
EDF MyAccount Security
I tried to log in to my EDF MyAccount today to check what to expect on our next gas and electricity bill, but I couldn’t remember my login details (username, password, and PIN). I clicked the usual “forgot your password / pin?” link expecting to be given some kind of form to fill in in order to be able to reset my password, but instead was informed that I had to call customer services. When I phoned them up and explained the situation, instead of resetting my details the man on the phone was able to give them straight to me! I only had to provide a few basic details in order to get this far, which leaves me quite concerned that anyone could call up and get them quite easily, and that the customer service people themselves have access to all that unencrypted data!
I guess it’s not a huge deal as there isn’t much you can do from the MyAccount panel, other than change my billing details, view my energy usage, or claim my precious Nectar points, but it still doesn’t seem right.
Update: I called them back again as, foolishly, I forgot to write down my PIN code. Whoever I spoke to this time informed me that they could not give out such details over the phone, due to the Data Protection Act. When I mentioned that the person I’d spoken to before had given out all my details without hesitation he apathetically replied “I’ll get someone to look into that”… yeah, right.