Call centre staff had access to customer’s dates of birth, addresses, bank details, and even itemised lists exposing who had they had been calling.
Gary Quinn, who no longer works for Orange told Channel4 News ‘In the event that a customer rings up for example to pay a bill with their credit card and then gives all their credit card detail to the Orange operator on the other end of the phone, the customer has no idea that person could be logged on under completely false identification and therefore is completely untraceable.’
Quinn alleges Orange is breaking its own data protection rules. Staff also have to sign non-disclosure agreements about their passwords as part of the Orange email and internet policy.
Orange said in a statement: "It is Orange policy that no member of staff should log in using any user name other than their own. If a member of staff was found to be using a colleagues’ details to log into the system, we would take this matter very seriously, and it could result in disciplinary action.
‘Last month, a temporary employee told his team leader that he was aware of some members of Orange frontline staff sharing their log-ins. We immediately issued a communication to frontline staff, reinforcing our policy and then began to thoroughly investigate the claim.’
Orange aren’t aware of any fraudulent activity taking place, and are investigating the matter which may take a few days.