I have just (Thursday 7th) swapped my mobile phone contract to BT Mobile. The order included porting my number from the previous provider. The port is supposed to happen tomorrow.
Last night (21:50 6th) I got an e-mail from a scammer claiming "I backup your mobile phone with last digit 58" and asking for $1000 in bitcoins otherwise he or she or it will reveal my secret to all my contacts.
The E-mail was addressed to the E-mail account that I use with BT. And the last two digits of the ported number are 58. As far as I know BT are the only organisation that would have the association between those two items, and they only learned the mobile number on Thursday last week when I requested the port. Normally for commercial websites I use one time addresses based on the firm name and one or two other domains I have available, so no other organisation that has my mobile number (and there are not many that do) would have that particular E-mail address.
It seems a very far fetched coincidence that the scammer has obtained these two pieces of data on exactly the weekend that BT got them both. I wonder what other personal data ( address etc. was also compromised.
I know its a scam, and I am not paying the ransom - don't worry! (Actually I would possibly pay a couple of $ to get a full backup of the stuff on my phone , because I am too sloppy to get round to doing it regularly.)
But because of the targeting my conclusion is that someone in BT has passed the data on. Given the relatively small number of people who would have had access to the two pieces of data since Thursday last week, I would have thought that BT's internal investigations people might be interested to identify and plug the leak.
Anyone know who I should contact in BT to alert them? The alternative I suppose is to report the incident to the Information Commissioner.