I am shocked that Club members have not been officially informed, by email or recorded mail, of this data breach by the Committee.
This MUST be rectified immediately.
Club members must be told:
1. What personal information was published online?
2. How long this information was available online?
3. How many people accessed this information?
4. What measures have been taken to ensure this mistake doesn't happen again?
Club members should be made aware of possible and potential scam contacts.
Jeanette Wilson
Data Breach Club Members
Re the breach of personal data. I can confirm the following as I was able to access the personal, date of all club owners WITHOUT having to use a password, therefore it was wide open to anyone, anywhere, who opened up the LRHC official website. This could be done by simply clicking on the search box which then gave a number of options. Then if one clicked on “Members” then all the personal data was available. I could read my own data and thousands of others.
The personal details which were accessible were : Username, email address, Mobile phone or landline number.
Many owner’s have since received unsolicited emails of a scam type and a few have had unwanted phone calls too.
How many times the data was accessed is a mystery but the data breach was in existence for about 15 hours.
Once such information gets in the wrong hands, there is a resale value amongst scammers, therefore its very feasible that owner’s data as described could be distributed worldwide.
The official statement that the personal data could only be accessed by an owner logging in with a username and password is blatantly untrue.
Hope this helps
The personal details which were accessible were : Username, email address, Mobile phone or landline number.
Many owner’s have since received unsolicited emails of a scam type and a few have had unwanted phone calls too.
How many times the data was accessed is a mystery but the data breach was in existence for about 15 hours.
Once such information gets in the wrong hands, there is a resale value amongst scammers, therefore its very feasible that owner’s data as described could be distributed worldwide.
The official statement that the personal data could only be accessed by an owner logging in with a username and password is blatantly untrue.
Hope this helps
-
cliffhunter
- Posts: 13
- Joined: Sat Sep 19, 2020 6:38 pm
Raymond,
This is what I was advised was the case – if this incorrect then it was incorrect but I could only provide the information I was given.
Can you please advise the members how you became aware of it and if you, yourself, reported this – as I have been advised that it was the courier not a club member who did so.
I think the real question that does need an answer is why Ann Blyth was aware of the breach but failed to notify the club in a timely manner as well as why did she sit on this and for how long, as I have been reliably informed that it was she who became aware of the breach but failed to notify the club straight away and only sometime later advised the courier – very strange & suspicious behaviour.
Cliff Hunter
This is what I was advised was the case – if this incorrect then it was incorrect but I could only provide the information I was given.
Can you please advise the members how you became aware of it and if you, yourself, reported this – as I have been advised that it was the courier not a club member who did so.
I think the real question that does need an answer is why Ann Blyth was aware of the breach but failed to notify the club in a timely manner as well as why did she sit on this and for how long, as I have been reliably informed that it was she who became aware of the breach but failed to notify the club straight away and only sometime later advised the courier – very strange & suspicious behaviour.
Cliff Hunter
I think the main questions Owners would prefer addressed is why was Mr Hunter,the self professed IT EXPERT at LRHC, unaware of the website being left 'wide open' and once he was aware of it why he didn't IMMEDIATELY inform ALL Owners that their CONFIDENTIAL details had been breached? It would also be interesting to know why he continued with his narrative of the site only being 'Open' to other Owners, particularly after other Owners including myself made him aware of it being open to all and Timeshare Touts phoning owners?
Perhaps some Owners are wondering why both former Chairpersons are giving this Owner named Ann Blyth such a bad press. Could it be because Ann resides locally and was well aware of the chaos unfolding before her eyes both in the local village and the Club with increasingly high numbers of employees becoming ill from Anxiety and Stress and chose to alert Owners of her concerns having had no clear explanation when raised directly with the Chair. Ms Blyth highlighting these concerns to owners, as you would imagine, went down like a lead weight with certain Chairpersons. I think we all owe Ann our thanks for offering both staff and villagers support during a very difficult and chaotic period in our Club's history and refusing to be silenced although put under considerable personal pressure to do so. Do let me make it quite clear, I don't personally know this lady, as a former chairperson(s) may suggest that I am 'her fri' and would say that!
Just in case you haven't heard the more positive news on the Club .... The new Chairperson has posted on the Alternative Owners Forum a most informative update about the way forward to help the Club recover from recent debacles. to view it, Register on
lochrannochhighlandclub.net (if you have problems registering you can contact webmaster@lochrannochhighlandclub.net) This website is not manned 24/7 as it was set up and run by owners when this Forum was taken off line.
Mr Robertson I don't share your support for Ms Blyth like you do. Having helped her once in the car park after an AGM when she fell ill, I am no longer a fan due to her breaching GDPR. She advised readers of the unofficial forum of my whereabouts. When it happened to one of her customers, she was so discussed. The police were not impressed either that she compromised my safety.
Now, you never answer a question, only issues statements and copies from other media. Which is against forum rules.
You talk about staff and what is happening to them. How do you know this? When were you last on site may I ask? Do you have the place bugged? Why don't you publish true evidence Mr Robertson, not hearsay and gossip.
Now, you never answer a question, only issues statements and copies from other media. Which is against forum rules.
You talk about staff and what is happening to them. How do you know this? When were you last on site may I ask? Do you have the place bugged? Why don't you publish true evidence Mr Robertson, not hearsay and gossip.
Mr Hunter: I don’t have to explain my legitimate actions to anyone but my comments above are self explanatory.
Nevertheless I went on to the LRHC site which being on the worldwide web is accessible to anyone and accessed the data as described without any need to log in to the site.
It is an indisputable fact that this shouldn’t have been possible and that there was a breach of personal data of all club members including my own.
Because I saw this for myself, does not make me guilty of anything unless you know different.
On the other hand someone at LRHC is responsible for the breach of personal data which may still have a far reaching effect if its reached the hands of fraudsters.
Accordingly if you have any issues with Ann Blyth, then she is the one you should direct questions at, as I do not speak for anyone but myself.
Hope this clarifies things.
Nevertheless I went on to the LRHC site which being on the worldwide web is accessible to anyone and accessed the data as described without any need to log in to the site.
It is an indisputable fact that this shouldn’t have been possible and that there was a breach of personal data of all club members including my own.
Because I saw this for myself, does not make me guilty of anything unless you know different.
On the other hand someone at LRHC is responsible for the breach of personal data which may still have a far reaching effect if its reached the hands of fraudsters.
Accordingly if you have any issues with Ann Blyth, then she is the one you should direct questions at, as I do not speak for anyone but myself.
Hope this clarifies things.
-
cliffhunter
- Posts: 13
- Joined: Sat Sep 19, 2020 6:38 pm
Mr R. Robertson – I am NOT a self professed IT expert, I AM a highly experienced and qualified IT expert in my specialist field, this being desktop support & deployment. As a deployment specialist I have managed large deployment’s both in the UK and overseas (particularly in Africa) and had to be brought in at short notice to take over management of deployments and as a desktop support specialist I am a key worker in Government, with an understanding of other areas. IT is an industry with a myriad of specialities – of which no-one can claim to be an expert in all. Before you judge – make sure you are A) perfect & B) know your facts, other wise you come across as an arrogant, ignorant individual who has NO ability to effectively communicate.
Why was I unaware – because Ann Blyth chose not to tell ANYONE other than her “chums” in the club and the press, the press being the reason I did not have a chance to tell the owners, as I had to deal with the press enquiry while at the same time having to work FULL TIME & continue with a house move. I advised that it was only open to owners as THAT IT WAS I WAS ADVISED - if this is what I am advised how can I advise others of anything different?
While the data breach was unacceptable, there is 1 part of any system where failigns happen – the human factor. Yes, these things shouldn’t happen but when you factor in the human element these can, do & will happen – this is part of being human, something obviously you know nothing about as you are so perfect and NEVER make mistakes. If the information falls into the hands of timeshare touts then Ann Blyth is more culpable than anyone as if she had reported this to the club the MOMENT she became aware of it, rather than keeping the information to herself for who knows how long and then only reporting it the her chums & the press, the information would have been secured FAR QUICKER
Could it be that both myself and Julie are giving Ann Blyth such bad press as it is because this is what she was doing to us – yet never had the decency to even attempt to contact either of us or the club to get a full picture of what is going on. This is NOT the behavior of someone who can be trusted but more like the morally corrupt behavior of a narcissist who only wants the club run they way SHE (and her club chums) wants it run with the committee of her (and her club chums) choosing – I now believe that this is a significant reason the club is in such a state - from this arrogant, morally corrupt, narcissistic harassment & intimidation of committee members who stepped up to the plate when the club needed us but didn’t “fit” what these members wanted by a small number of members who haven’t got the backbone to step up themselves, instead preferring to hide behind a keyboard engaging in fake news, harassment & intimidation of members who simply want what is best for the club and the sooner the club ceases to be run by a committee of members the better as people such as yourself and Ann Blyth will NEVER allow the club to thrive and reach its full potential due to your appalling attitude towards other members.
My final question is why the chair thinks it is appropriate to post on the unofficial forum and not the official forum – very strange behavior, from yet another of your chums, which clearly shows he cares nothing for keeping all members fully informed as if he did why has this “most informative update” not been sent as a bulletin??
R Thomson – if you only speak for anyone but yourself can you please answer this simple question – when YOU became aware of the data breach did YOU report it to the club immediately or, like Ann Blyth, choose to sit on this? If you did sit on this why?
Why was I unaware – because Ann Blyth chose not to tell ANYONE other than her “chums” in the club and the press, the press being the reason I did not have a chance to tell the owners, as I had to deal with the press enquiry while at the same time having to work FULL TIME & continue with a house move. I advised that it was only open to owners as THAT IT WAS I WAS ADVISED - if this is what I am advised how can I advise others of anything different?
While the data breach was unacceptable, there is 1 part of any system where failigns happen – the human factor. Yes, these things shouldn’t happen but when you factor in the human element these can, do & will happen – this is part of being human, something obviously you know nothing about as you are so perfect and NEVER make mistakes. If the information falls into the hands of timeshare touts then Ann Blyth is more culpable than anyone as if she had reported this to the club the MOMENT she became aware of it, rather than keeping the information to herself for who knows how long and then only reporting it the her chums & the press, the information would have been secured FAR QUICKER
Could it be that both myself and Julie are giving Ann Blyth such bad press as it is because this is what she was doing to us – yet never had the decency to even attempt to contact either of us or the club to get a full picture of what is going on. This is NOT the behavior of someone who can be trusted but more like the morally corrupt behavior of a narcissist who only wants the club run they way SHE (and her club chums) wants it run with the committee of her (and her club chums) choosing – I now believe that this is a significant reason the club is in such a state - from this arrogant, morally corrupt, narcissistic harassment & intimidation of committee members who stepped up to the plate when the club needed us but didn’t “fit” what these members wanted by a small number of members who haven’t got the backbone to step up themselves, instead preferring to hide behind a keyboard engaging in fake news, harassment & intimidation of members who simply want what is best for the club and the sooner the club ceases to be run by a committee of members the better as people such as yourself and Ann Blyth will NEVER allow the club to thrive and reach its full potential due to your appalling attitude towards other members.
My final question is why the chair thinks it is appropriate to post on the unofficial forum and not the official forum – very strange behavior, from yet another of your chums, which clearly shows he cares nothing for keeping all members fully informed as if he did why has this “most informative update” not been sent as a bulletin??
R Thomson – if you only speak for anyone but yourself can you please answer this simple question – when YOU became aware of the data breach did YOU report it to the club immediately or, like Ann Blyth, choose to sit on this? If you did sit on this why?
Mr Hunter. Let me be clear about this, I am not answerable to you in any shape or form.
Attempts to deflect snd shift blame on to others won’t wash either.
You imply you were “ advised” re the data breach only being accessible to owner’s which is not correct, however that leaves me and everyone else left wondering how many IT experts there are at LRHC and personally, I was only aware of there being one.
Its happened, owner’s now know what did happen and that’s that.
Nor do I wish to waste any more time over it
Attempts to deflect snd shift blame on to others won’t wash either.
You imply you were “ advised” re the data breach only being accessible to owner’s which is not correct, however that leaves me and everyone else left wondering how many IT experts there are at LRHC and personally, I was only aware of there being one.
Its happened, owner’s now know what did happen and that’s that.
Nor do I wish to waste any more time over it
Well once again we have just witnessed another fine example of an ex-Chairperson 'throwing their dummy out of the pram' whilst tying themselves in knots as they attempt to refute any responsibility for yet another debacle at the Club, blaming EVERYTHING on Ms A Blyth, an Owner who refused to be intimidated into silence and who alerted other LRHC Owners to the desperate plight of Employees; Ex-Employees and local Kinloch Residents. Mr Hunter should take time to reflect on the damage caused to The lives of so many and the Club's reputation being brought into disrepute during his time in the Chair before apologising to everyone concerned, not least Ms A. Blyth.
Just like R Thomason, I too am pretty bored with our deluded ex-chairperson's convoluted excuses, as the proverbial 'Cat's out of the bag' and let's face it, there are only a limited number of occasions one can witness a person(s) 'shoot themselves in the foot' before you become embarrassed for them, and I've pretty much reached my limit. So let's ALL leave them in the past and move on to a less chaotic future at Rannoch with much more professional and business minded persons joining the Committee helping to navigate our Club into calmer waters.
Just like R Thomason, I too am pretty bored with our deluded ex-chairperson's convoluted excuses, as the proverbial 'Cat's out of the bag' and let's face it, there are only a limited number of occasions one can witness a person(s) 'shoot themselves in the foot' before you become embarrassed for them, and I've pretty much reached my limit. So let's ALL leave them in the past and move on to a less chaotic future at Rannoch with much more professional and business minded persons joining the Committee helping to navigate our Club into calmer waters.