The Telstra Complaint Saga continues ... and continues ... and finally reaches a conclusion

Final Update 14/6/18

​After two weeks of investigation, the Telstra agent handling the complaint (see below for further details of this lengthy saga) has reported today that they have ascertained that there was a lack of adequate checking of the identity of the iTandCoffee client.

The Live Chat staff team will receive further training to ensure such a breakdown in security does not occur again. 

This was the assurance that I was seeking in raising the issue initially. So much time and resources wasted to get this far.

We have officially closed the case, but I have the contact details for this complaints agent should any such incident occur again.

---

Update 22/5/18. 

So, I finally got a call from Telstra at 6:17pm on 21/5/18 (not before 9am that day, as had been promised by the agent on preceding Saturday).

I was told that the previous agent who had been assigned my complaint had 'met with an accident'. Oh dear! 

This new agent had not yet reviewed the complaint and obviously had no idea what it was about. Not a great way to start our conversation! I suggested that he read the case notes then call me back, rather than waste my time on the phone while he reviewed these notes.

When he called back 45 minutes later, he expressed his confusion about why I had complained. When I explained again that Telstra had given away account information without doing sufficient identity checking, he told me that he felt they had - that only the account holder would know their first name, last name and email address.

Really? I think I might have said "Are You Kidding?". Was someone who was supposed to be from the 'Privacy Complaints' team really suggesting that it would be ok for Telstra to provide account access to a person who only provided a name and email address, and no other identifying information?

The conversation got nowhere - this agent failed to see the point of the complaint and was the opposite of helpful, more concerned with why I was raising the complaint when it wasn't my account on which the incident occurred.

I gave up, telling him that I would be contacting the TIO (Telecommunications Industry Ombudsman) about the security breach and Telstra's lack of responsiveness on this matter. He suggested I do whatever I need to do. I got off the phone fuming, further appalled at the way Telstra handles complaints.

Update 28/5/18:  

So, on 28/5, I lodged the complaint with the TIO (took me a few days to work up the energy!), in the hope that their involvement will put me in touch with someone in Telstra who cares to investigate this matter further, and provide assurance that they take the matter seriously.  At the very least, the person involved surely needs further training.

If other agents (like the person I spoke to on Monday) think it's OK to give away password resets for Telstra accounts when all they are given is a name and email address, then there is a wider training issue that requires urgent attention.

​As a Telstra customer, I remain very concerned about the security of my own accounts.

Update 29/5/18: 

Contacting the TIO certainly helped. Within 24 hours, I received call from Telstra in response to my TIO complaint.

I was asked to send through the 'live chat' transcript and other 'authority to act' confirmation emails from the client involved, and received a commitment that I will receive another call on Monday 4/6.

Stay tuned for the next update on 4/6.

---

Here's what happened earlier ...  (Written 20/5/18).

Two weeks ago I wrote about an concerning privacy/security breach that I lodged as a complaint with Telstra, where I was allowed to reset a client's Telstra account password without providing any identity information for that client (apart from name and email address).

(Read this earlier article here ...)

All I can say is that my original complaint has now turned into a new complaint about Telstra's appalling complaints handling process!

Despite 3 calls to Telstra over the past 4 weeks, and promises each time I would receive a call-back within 24-48 hours, NOTHING has happened.  No call, no email, NOTHING.

My third call about the complaint came about this week after Telstra sent me a 'how did we deal with your complaint' questionnaire at almost the 4-week mark of my original complaint. Did they seriously do that?  Surely their records showed that THEY had not done anything about my complaint!

Naturally, I ranked them at zero, which took me to a form that told me to call a 1800 number and quote my complaints reference number to discuss my complaint.

I called this number this week on 16/5. When I told the person on the 1800 number that I had never been given a complaint number, she asked me 'well, how did you get this number then'.  When told about the questionnaire I was sent - and that, despite requests, I had not been given a complaint number - she was quite apologetic and promised to see what she could do.

After a lengthy call, I was again promised that someone would call me back within 24-48 hours. I advised that, if no-one called me back before end-Friday (18/5), I would have not other option but to take the complaint further.

After no call back for the third time, I decided to give it one last try today before taking my complaint further and called again today, 19/5 - the 1 month anniversary of my original complaint.

As I write this blog entry, I am currently on hold again, having been told that the complaint is showing on the system as still not assigned to anyone, and that the 'complaints reception' area needs to be contacted to find out the status. Same as last time, when I was put on hold over and over with no result.

I tell the agent this time that I only have 5 minutes and do not want to got through the same experience as last time.  She assures me she will keep me informed on progress with the attempts to contact the 'complaints reception'.

My blood pressure increases as the 'on hold' music continues. Attempt 1 fails, so she tries again.

Up to 14 minutes now ... I am told that there may actually have been someone assigned to the complaint. They are trying to find out more.

Up to 18 minutes now ... and I receive the information that the complaint record shows someone called me last night (18/5) after 8:40PM and supposedly left a voicemail.  

Putting the Telstra agent on hold, I double-check my missed calls and voicemail. Nothing - no missed call, no voicemail. My phone was with me last night, and on - and definitely received nothing. It looks to me like someone updated the complaint record to try to make it look like they had made contact within 48 hours when they didn't.

Now I'm even more mad!

The agent promises that the person assigned to my complaint will call me back on Monday before 9am, when they return from their weekend break.
I hang up, having wasted yet another 21 minutes of my life on a fruitless Telstra call.

As the 30 days is up now since my original complaint, and Telstra has failed to respond, it's time to work on that formal complaint about Telstra's privacy breach and lodge it with the Office of the Australian Information Commissioner (OAIC). 

As a Telstra customer, I find it quite terrifying to think how much risk my own personal data and account security may be at, due to mistakes like that which I have recently experienced. We heard in the press only in the last week about a person whose phone number was ported without her permission, resulting in theft from her bank account. It made me wonder whether she suffered a similar privacy/security breach. 

I cannot believe how appalling the handling (or, should I say, lack of handling) of the complaint has been.  Maybe it is because of the number of complaints like mine that they are having to deal with.  Even more frightening.

Has anyone else been suffering similar problems with a Telstra complaint?