Hacker News
by cdubzzz 3893 days ago
It's understandable that the information is there and accessible. But, again, it should never be communicated between employees, only between employee and account holder. Maybe such a policy is not common practice for businesses? It seems like an obvious security measure.
1 comments

When I worked for Embarq doing DSL support, the procedure for a field technician to obtain customer information was to call into a special phone number and provide a technician code.

There are several problems with this:

1.) The phone number can be found on the internet.

2.) The technician code is just noted down as part of the request. It is not verified.

3.) The support employee's validation process that they are a field technician was that they were calling over the special phone number.

Obviously sensitive information was not supposed to be given out, but they hired anyone that was alive enough to answer a phone and tell people to reset their router.