The title pretty much summarises the whole thing.
So, two weeks ago I was talking to a friend and they casually mentioned that ZOL had sent them a list of customers and where they lived. The person I was talking to did not seem to realise that it wasn’t at all proper for that to have happened.
ZOL sent them an email that had a list of a bunch of people in a specific neighborhood with details of possible faults to their ZOL connection and the status of the support rendered. Their full names, addresses and phone numbers were supplied.
I let the issue go and thought maybe it was just a random thing and ZOL probably fixed this. Besides I had not seen the list myself.
Last week I saw an email sent to Techzim from one of our readers complaining that they had got a list of a bunch of people in a specific neighborhood, different one from what my friend got. Again the list had full addresses and phone numbers. This time the full list was forwarded to us.
There were over 100 ZOL customers on this list, all from one neighborhood even organised around the streets these people reside in. I was shocked.
The responsible thing
On seeing this list my immediate response was to alert ZOL. I thought it best to let them know there is some kind of a privacy breach instead of rushing to write about this. I also introduced them to the reader who had reached out in the hope that this would help ZOL pin point what the problem was and thus solve it.
I even told the reader that Techzim would not run this story to avoid sending panic because I thought this was just a random thing and would be solved once and go away.
ZOL response or lack of…
Initially ZOL responded to the customer and promised that the issue would be looked into and they would inform the customer what had happened and how it would be resolved. This feedback was promised to come within 24 hours. After that email, ZOL went quiet beyond the 24 hours.
Again the customer reached out to ZOL (I was copied) and expressed displeasure that ZOL did not seem to think this issue of sending customer data to a random person was important. To that, again ZOL responded and said they had dropped the ball and it wasn’t who they were and they would make sure the issue got attended to.
Maybe POTRAZ would help
When nothing still happened, the concerned customer asked me if POTRAZ would be the place to get recourse. I advised them to try but again told them Techzim would not publish this if it can be resolved quickly.
The customer went on to inform POTRAZ of the incident and chronicled what had happened up to that point. I thought that was the end of it for me and for Techzim.
ZOL does it again
This morning I saw an email from the same customer to ZOL after ZOL had sent the same list of customers for the second time on Saturday! It’s like ZOL was saying, “How dare you report us to POTRAZ, here’s the list again, report that.”
My reaction was again to immediately reach out to ZOL but this time to inform them that I was running this story. They asked for an hour to resolve this. I gave them an hour but told them I would still run the story, the hour was just so they can comment and explain what was going on.
Later on, I was notified by ZOL that they had reached out to their customer. The customer also notified me that ZOL had said the list of customers had been sent by human error. I don’t know if that even means anything.
ZOL does it again, again
The same customer then got another email of the same list this morning, in the midst of all this. Third time is the charm perhaps…
3 times! Is that still human error or it’s human deliberate action? If ZOL had said the error was a computer systematic error it would have made sense but a human being sending the same private data over and over to a person who is actually complaining about receiving such data….
It’s been hours now so the response from ZOL is very late. If they do send through answers to my questions, we will either update this article or publish a new one.
Why this should be treated seriously
Detailed information of customer names, addresses and phone numbers in the wrong hands is a very dangerous thing. For instance, bogus ZOL maintenance guys can show up at a residence and be able to convince people there to let them in…
Identity theft is on the increase in Zimbabwe and these kinds of mistakes don’t make it too difficult for such criminals to assume an identity that’s not theirs.