(Finance) – “Hello, what kind of lists do you need? With or without an iban, weak operators or an electricity service? With an iban and a pod, they cost 0.07 euros per number, if you want cheaper lists, I have other operators at 0.04. I have many lots, it depends on how much you want to buy and I offer guarantees. I am a serious person, I have many customers, I have been working for years and no one has ever mentioned me in the negative because I only have quality lists, not junk. If you are not sure you can shop in small lots, like 50 euros each time, so you’ll see the seriousness”. At the center of the negotiation, one of the many that take place every day on social networks, from Facebook to the Telegram messaging app, is data from electricity and gas users, stolen and sold illegally. The methods of the theft of such data were explored this morning in a press conference in the Chamber of Deputies. On the occasion of the initiative, which saw the participation of Brothers of Italy deputy Luciano Ciocchettienergy trade associations, outsourcers and consumers, – ARTE, Assium, Assocall, Assocontact, Consumerismo, Business and Consumer Observatory (OIC) – they signed the first joint complaint that will be sent to the Privacy Guarantor, Arera, Agcm, Agcom and the Italian Digital Agency. An act by which consumers, resellers, energy traders, utility managers and contact centers merge into one common battle to end data leakage in the energy sector, a “phenomenon that has reached worrying levels” and which is at the basis of aggressive and illegal telemarketing scams and scams. The debate was attended by the ARTE spokesman, Diego Pellegrino; The president of Asseprim, Umberto Bellini; The president of Assium, Federico Bevilacqua; The president of Assocall, Leonardo Papagni; The president of Assocontact, Lelio Borgherese; The president of Consumerismo, Luigi Gabriele; The president of OIC, Gianluca Di Ascenzo.
We will all have received calls in which the alleged scammers introduce themselves as consumer protection associations, well-known suppliers or regional energy distributors and who, to validate their authenticity, provide the customer with details on personal data such as name, delivery address, fiscal code, customer code, etc. Furthermore, in some of these calls – the associations let us know in a joint press release – the customer is told that they are even acting as a courier for the delivery of a check as a refund, subject to authentication via an otp code sent to the mobile address, also in their possession. As is known, the Privacy guarantor stated that despite the 256 fines carried out since the gdpr was activefor a total amount of 123,369,569 million euros, they are equally counted about 4 thousand reports received per month from citizens.
Agcm and Arera have agreed, through the memorandum of understanding on consumer protection (approved with resolution 505/2014/A of 16 October 2014), forms of coordination and reporting of cases in which hypotheses of unfair commercial practices emerge relating to the sectors electricity, gas and water services. Even the Privacy guarantor agreed in 2015 (provision 4702076) with Arera on a provision that defines the collaboration on the protection of personal data in the energy sector.
Despite all these interventions, the phenomenon does not tend to subside, on the contrary – the associations point out – it seems to go against the trend until it worsens. After numerous surveys and investigations, the associations have ascertained that this phenomenon of “illegal” telemarketing it is, very often, the result of illicit trafficking of energy data, facilitated by poor security of energy data management systems. By acquiring illicit data on consumers, unscrupulous subjects can contact the user without being traceable thanks to the so-called “cli spoof” or the illegal technique that allows call centers to change their number, so that the user sees on his device a different number from the real one, often from outside the EU. The user is thus exposed to the most imaginative and fraudulent supplier change offers.
To stop the phenomenon – the associations underline – it is necessary to stop the leaks of data that allow subjects who operate illegally to contact users. The trials and tests carried out by ARTE, Assium, Assocall, Assocontact, Consumerismo and Business and Consumer Observatory (OIC) show that the Sii system (Integrated information system) managed by Acquirente unico spa, which collects all the data relating to energy contracts, has possible deficiencies with respect to the minimum IT security measures required by the privacy legislation and relating to the information systems of the Public Administration. “It is possible that from the system, which can be accessed with a simple username and password without further checks, – the associations explain – compliant subjects can exfiltrate and circulate the personal data of users who are undergoing a change of supplier and the related data on tariffs active in addition, of course, to the contact details.
Based on these findings it was “imperative” for associations to submit a detailed report to the Privacy Guarantor, Arera, Agcm, Agcom and the Italian Digital Agency which, each by virtue of their own responsibilities, are asked “to initiate the most appropriate preliminary investigations in order to verify the real security of the data of our energy users and adopt the consequent measures, expressly reserving the right to submit a formal complaint/complaint on the basis of facts narrated to the competent judicial authority”.