Who do you report a major PII breach to - Also, don't use eFax!

[Fitz]

So, the efax number i got apparently belonged to someone else before. In the "inbox", there are several faxes from a few months ago. Including some woman's tax data, a voided check, address, etc.

She runs a local business. I've already reached out to her so we can get together and resolve this. My question is, who do you report this kind of thing to, other than the guilty company?

I don't know if a crime has been committed, so I'm not sure if it would be the Police. Is there some kind of consumer agency that handles privacy breaches?

[Tallpine]

So when are you going to get my taxes done     

[HankB]

It's the woman whose privacy has been breached, so the onus is really on her to straighten this out - you're being a good guy by informing her of this data breach.

BUT . . . if you ever give up your eFax number and it gets issued to someone else, YOU might find that data meant for you is ending up elsewhere, and then it will be your data that's at risk of compromise.

I'd say keep in touch with the woman and see how she handles it, and talk to the eFax company about this problem; if it's not resolved to your satisfaction, some news organizations have consumer arms, and in the wake of data breaches at Target, Nieman-Marcus, etc., they may be eager to jump on this; bad publicity may force a solution.

[Boomhauer]

Did she clean out her inbox before she stopped using eFax?

Did she stop people from sending her stuff to that number once she stopped using eFax?

No? Then it's not anyone's fault but hers. Not eFax's fault.


Now if she cleared out the inbox and then that stuff got put back in the inbox by eFax's screwup, then that's a breach.

[MillCreek]

I have a similar problem with a GMail account.  I use my real name as the address for one of the accounts, and I have had that account for years.  I have been astonished to see the number of people all across the world who have the same name as me and are using that as a GMail account address.  I have found out that there is a math professor in Texas, a judge in Connecticut, an Anglican minister in England, a truck driver in Kansas, an IT person in England and others too numerous to count, all with the same first and last name.

If I get junk mail for one of them, I just delete it.  For example the IT person in England signed up for match.com, and I get daily matches for 20-25 year old women within 100 miles of London.  I delete those because my wife won't let me fly to England to meet some of them.  But on occasion, I do get personal, medical, business or financial information directed to someone else.  My approach is to reply to the sender, point out that I am a healthcare risk manager north of Seattle, and although I would be happy to help them with any patient safety or malpractice issues, I am not the actual person they are looking for, and I have deleted the email and any attachments.  I probably get the most contacts for the judge in Connecticut, since I get a couple of emails per month asking if I can officiate at a wedding ceremony.  

I sometimes wonder if anyone else is getting email intended for me.

PS: I forgot to mention: my favorite is the person in Australia who signed up for some Oz equivalent of Adult FriendFinder down there.  I think he is in his mid-20's and I periodically get these private messages from these middle-aged Oz women looking for hookups with younger men.  Some of them have nude photos attached, and I can say that Oz women sure tend to be tanned, usually all over.

[Hawkmoon]

I probably get the most contacts for the judge in Connecticut, since I get a couple of emails per month asking if I can officiate at a wedding ceremony.

Heh, heh.

Not a judge. Since I am a justice of the peace in my state, I periodically get offers to join some national justice of the peace organization. In Connecticut, justices of the peace are not judges. The only two things they can do are take affidavits ... and perform weddings. It seems there are many of them who make a living doing nothing but performing weddings. That's probably who you're getting e-mails for.

[Fitz]

Did she clean out her inbox before she stopped using eFax?

Did she stop people from sending her stuff to that number once she stopped using eFax?

No? Then it's not anyone's fault but hers. Not eFax's fault.


Now if she cleared out the inbox and then that stuff got put back in the inbox by eFax's screwup, then that's a breach.

Not exactly. When an account is deprovisioned it should be wiped. Nothing for her has arrived since I got the account, its all old. There shouldn't have been anything in the inbox when the account was provisioned for me

[vaskidmark]

Not exactly. When an account is deprovisioned it should be wiped. Nothing for her has arrived since I got the account, its all old. There shouldn't have been anything in the inbox when the account was provisioned for me

Using that word indicates a deep and abiding belief in the Easter Fairy, the Tooth Bunny, and rainbow chemtrails.  Please add those facts to your profile.

stay safe.

[HankB]

I have a similar problem with a GMail account.  I use my real name as the address for one of the accounts, and I have had that account for years.  I have been astonished to see the number of people all across the world who have the same name as me and are using that as a GMail account address . . .

Can they actually ACCESS it, or do you have the only password?

[Fitz]

Using that word indicates a deep and abiding belief in the Easter Fairy, the Tooth Bunny, and rainbow chemtrails.  Please add those facts to your profile.

stay safe.

Yeah, so if it is NOT done when an account is provisioned, that's a potentially MAJOR security problem. Hence me asking about reporting it.

[BlueStarLizzard]

I have a similar problem with a GMail account.  I use my real name as the address for one of the accounts, and I have had that account for years.  I have been astonished to see the number of people all across the world who have the same name as me and are using that as a GMail account address.  I have found out that there is a math professor in Texas, a judge in Connecticut, an Anglican minister in England, a truck driver in Kansas, an IT person in England and others too numerous to count, all with the same first and last name.

If I get junk mail for one of them, I just delete it.  For example the IT person in England signed up for match.com, and I get daily matches for 20-25 year old women within 100 miles of London.  I delete those because my wife won't let me fly to England to meet some of them.  But on occasion, I do get personal, medical, business or financial information directed to someone else.  My approach is to reply to the sender, point out that I am a healthcare risk manager north of Seattle, and although I would be happy to help them with any patient safety or malpractice issues, I am not the actual person they are looking for, and I have deleted the email and any attachments.  I probably get the most contacts for the judge in Connecticut, since I get a couple of emails per month asking if I can officiate at a wedding ceremony.  

I sometimes wonder if anyone else is getting email intended for me.

PS: I forgot to mention: my favorite is the person in Australia who signed up for some Oz equivalent of Adult FriendFinder down there.  I think he is in his mid-20's and I periodically get these private messages from these middle-aged Oz women looking for hookups with younger men.  Some of them have nude photos attached, and I can say that Oz women sure tend to be tanned, usually all over.

Well, if your wife won't let you go to london, why not ask if you can go to Oz?

[MillCreek]

Can they actually ACCESS it, or do you have the only password?

They cannot access it, no.  Although I do get the occasional automatic email from Google saying that a password reset has been requested, so I know that someone is trying to capture the account.

[Scout26]

I would simply notify eFax and the Lady whose info you accidentally received.

As long as no one tried to use her info to obtain goods and/or services in her name, then no laws were broken.


Eh, so hit happens.  However, you are advised to be cautious as to what you use the account for.

[Fitz]

I would simply notify eFax and the Lady whose info you accidentally received.

As long as no one tried to use her info to obtain goods and/or services in her name, then no laws were broken.


Eh, so hit happens.  However, you are advised to be cautious as to what you use the account for.

I'm cancelling it. Only time I ever need to send a fax is when it's something important to the VA or whatnot. Aint' taking chances.

[MechAg94]

I have a similar problem with a GMail account.  I use my real name as the address for one of the accounts, and I have had that account for years.  I have been astonished to see the number of people all across the world who have the same name as me and are using that as a GMail account address.  I have found out that there is a math professor in Texas, a judge in Connecticut, an Anglican minister in England, a truck driver in Kansas, an IT person in England and others too numerous to count, all with the same first and last name.

If I get junk mail for one of them, I just delete it.  For example the IT person in England signed up for match.com, and I get daily matches for 20-25 year old women within 100 miles of London.  I delete those because my wife won't let me fly to England to meet some of them.  But on occasion, I do get personal, medical, business or financial information directed to someone else.  My approach is to reply to the sender, point out that I am a healthcare risk manager north of Seattle, and although I would be happy to help them with any patient safety or malpractice issues, I am not the actual person they are looking for, and I have deleted the email and any attachments.  I probably get the most contacts for the judge in Connecticut, since I get a couple of emails per month asking if I can officiate at a wedding ceremony.  

I sometimes wonder if anyone else is getting email intended for me.

PS: I forgot to mention: my favorite is the person in Australia who signed up for some Oz equivalent of Adult FriendFinder down there.  I think he is in his mid-20's and I periodically get these private messages from these middle-aged Oz women looking for hookups with younger men.  Some of them have nude photos attached, and I can say that Oz women sure tend to be tanned, usually all over.

I wonder if some of those people use numbers in their email name,but people forget to include them.