BT is being investigated by the Information Commissioner's Office (ICO) due to a whistleblower's claims that it "exposed user credentials en masse," as users' email accounts were moved from a Yahoo-based system.
The whistleblower is believed to be a former employee of the California-based company Critical Path, which is responsible for migrating seven million users onto BT's new email system. The whistleblower claims that the method of migration is insecure and gives spammers and scammers access to customers' personal data.
A spokesman for BT stated that the company takes the security of its services very seriously and denied that any personal data had been compromised. BT admitted that the vulnerabilities described did exist, but said they were discovered and fixed during the testing phase of the project. However, the ICO considers it unlikely, based on the information supplied by the whistleblower, that BT had complied with the Data Protection Act.
The ICO has made it clear that the documents that have been published were not intended for viewing by the general public, and that all information should be treated as preliminary concerns pending investigation. No doubt more news will follow. [The Register via BBC News]