BT under ICO investigation following complaints over email data security as it moves customers over from Yahoo-based service
The UK's data authority is investigating BT after claims the company had 'exposed user credentials en masse'.
According to reports the Information Commissioner's Office (ICO) is looking into BT's data practices as it moves its customers' email accounts from a Yahoo-powered system to its own bespoke set-up.
The whistleblower who alerted the ICO to the possible issue is believed to be a former employee of the company tasked with building BT's new email system, Critical Path, which was acquired by California-based Openware last year.
According to the whistleblower the methods used by the company on behalf of BT to move its seven million customers over from Yahoo were insecure.
A spokesperson for BT commented: "BT takes the security of all products seriously and in the process of developing new services with partners, we rigorously audit and test for security, and fix any identified issues before going into live service."
BT also said the complaint related "to an issue identified and fixed" though it did confirm that the ICO had been in touch to begin enquires following the remarks.
Confidential documents, which have been leaked online, reveal the ICO believes that "on the basis of the information provided, we consider it unlikely that BT has complied with the requirements of the Data Protection Act."
Concerns were also raised that BT was using HTTP as opposed to the encrypted protocol HTTPS however BT has denied this.
As the documents leaked online were never meant to be seen the the public domain, the ICO has said that the comments should be treated as "preliminary" rather than a final conclusion on the matter.