EE - DATA BREACH and lack of response

Eos2025 · ‎18-08-2025

On July 10th I received a phone call purporting to be from EE advising me that as a loyal customer I was eligible for a new payment plan which was actually cheaper than my current one. The Caller then gave my full name and address and asked if these were correct which I then confirmed, he then asked if I was interested in details of the plan and sent a message from"EE". I say from EE because having had recent genuine messages from them regarding purchasing add ons etc on a recent holiday this message was a continuation of those messages and not a new separate message with a spurious address . Long story Short I then got several more messages requesting change of password and confirmation of banking details so a new direct debit could be set up with the discounted payment plan. At this point I became concerned about the real nature of the call and advised I didn't give my bank details to callers over the phone. The caller then attempted to re-assure me that it was EE calling and then was able to tell me my full name & address and full details of my monthly payments with correct dates and amounts down to the penny. Moreover he knew already much of the information about my banking and card details which would of course on the face of it appear to suggest he was indeed from EE as only myself, bank and EE would have that degree of information. However something still didn't sit right with me about the call and I then terminated the call so as to call EE directly myself. My suspicions proved to be well founded as to it being a hoax caller trying to gain the final details of my security number etc on the card and I was passed onto EE customer support whereby I questioned how come the caller had so much of my personal & banking details if not for a Data Breach at EE and I reported it as such. I was given a case number and advised that EE security would investigate the matter and I would receive a written response through the post within a week or so. After the call I then went onto the EE mobile App and and the first thing I got on my phone come up was an alert stating that my EE password (which was unique to EE) had appeared in a data breach. 2 weeks later and having not received any promised letter I went onto the EE online website and reported the facts once again with a message stating I would get a response within 5 working days I believe it was. That was three weeks ago and now 6 1/2 weeks later having first reported what I believe was serious data breach EE Have done absolutely NOTHING to address my concerns ...no Letter, no messages, no phone call ... Nothing at all 😡

In the meantime I've been online and seen several posts describing exactly the same scenario and events whereby customers who phoned customer service were advised there had been no Data Breach all !! ... Absolute nonsense 100% . Seeing how much of my personal & banking details had effectively been stolen I subsequently changed by banking card and had to rearrange payments to various parties as a result.

EE You may be in denial on this matter but your total lack of communication to a long standing customer following what I consider to be a very serious matter is simply disgusting 😡

Christopher_G · ‎18-08-2025

Hi @Eos2025

Welcome to the community.

I've sent you a private message to try and get you some help with this. Could you take a look at your private message inbox and get back to me please?

Thank you.

Chris

XRaySpeX · ‎18-08-2025

@Eos2025 : What number was the call from?

If you think I helped please feel free to hit the "Thumbs Up" button below.

To phone EE CS: Dial Freephone +44 800 079 8586 - Option 1 for Home Broadband & Home Phone or Option 2 for Mobile Phone & Mobile Broadband

ISPs: 1999: Freeserve 48K Dial-Up > 2005: Wanadoo 1 Meg BB > 2007: Orange 2 Meg BB > 2008: Orange 8 Meg LLU > 2010: Orange 16 Meg LLU > 2011: Orange 20 Meg WBC > 2014: EE 20 Meg WBC > 2020: EE 40 Meg FTTC > 2022:EE 80 Meg FTTC SoGEA > 2025 EE 150 Meg FTTP

EAS47 · ‎23-08-2025

Hi Eos2025 and Christopher_G

I had an experience today very similar to Eos2025. Call and email (with a passcode) claiming to be from EE, offering a discount of some sort. They knew an alarming amount about me. I was appalled at the reaction when I phoned EE. The first person I spoke to seemed to take me seriously, but reacted as though I was the first person to report anything like this, which I’ve now realised is quite clearly not the case. The second person I spoke to (after I’d discovered the email I’d been sent) was almost totally disinterested. I’m now looking to switch to another provider that takes customer security more seriously.

Matt_124 · ‎23-08-2025

These can kind of scammers can source your information from previous data leaks from various databases and sources present on the web and use this information to attempt to gain your trust. This information could be names, addresses, phone numbers or passwords (usually those that you use or have used in multiple places).

They can use this info to try to gain access to your EE Account either by attempting to log in with a valid password that has leaked elsewhere, which generates a one time passcode to be sent to you, or attempting to reset the password on your account which sends you a pin also.

These automated routes do generate a message from EE, in the same way that they would if you attempted to log in yourself. It does not indicate any kind of breach on the EE side, but moreso that your own information has been leaked. It is regrettable that the Guides could not give you the common advice to change your passwords etc, but they may have been put at ease that your account is safe based on what they could see and the fact you did not provide the callers with any information or access.

These are common scams, increasingly so, but they are not the fault of EE and are present across a number of providers and services. Quite often the only risk is in the victim providing them with the information they need - if they do not give what they want then it is often entirely safe. There is no way to prevent these people from 'trying their arm' as such to get people to give up access to their accounts by way of a password reset code.

It is always wise to be cautious and ensure the number that is calling is actually an EE outbound number, or the number of one of EE's partners. If in doubt, hang up and call back on a trustworthy number (150 in the case of mobile queries).

EAS47 · ‎24-08-2025

Thanks for your reply, but I’m not convinced by what you say. As far as I can recall, the only time I’ve had an email from EE is after I’ve successfully changed my password. I’ve done that in the last few minutes, and received the email. But during the process of logging on and changing the password, all PIN numbers were sent to my phone. Neither am I convinced by the reasons you give for the disinterested attitude of the Guide I spoke to yesterday. He gave no indication whatsoever that he had done any checks on the security of my account. His attitude was — and these are more or less the words he used — “it’s been reported, there’s nothing more I can do”.

Chris_B · ‎24-08-2025

@EAS47 What can the EE agent do apart from report it back to the relevant department. Your information that’s being used by a scammer can be because or your own negligence believe it or not. It’s also your own lack of judgment that the scammers are counting on. EE would never call you and then request you give them a one time passcode that’s sent to your device. They called you and you don’t know who they really are.

To contact EE Customer Services dial 150 From your EE mobile or 0800 956 6000 from any other phone.

EAS47 · ‎24-08-2025

I don’t know what an “EE Community Star” is. Take a look at reviews of EE. Over 75% 1-Star on TrustPilot. Suggests there may be things EE should be doing.

bristolian · ‎24-08-2025

@Chris_B wrote:
EE would never call you and then request you give them a one time passcode that’s sent to your device.

To be fair, this is exactly how outbound callbacks work. There's two safety nets that are usually in-place.

1: You should receive a text message from EE's outbound number a few minutes prior to the call, advising of "we will call you shortly" or words to the effect.

2: The outbound call is from EE's outbound number.