Someone with my identical full name has for the past few years kept providing my old and unused gmail email address to various entities.
This has included banks, shops, and a company which apparently offers training to help you acquire a gun license in Poland.
I now know where this person lives (from order confirmation emails). I know this person's date of birth. I also know this person's PESEL (Polish national identification number) because one of the banks "protected" a document intended for this person by using part of the PESEL as a password (I just brute-forced that part). The other part is just an encoding of the birth date.
So I now have enough information to impersonate someone just because a number of organisations screwed up by not verifying ownership of an email address.
This has included banks, shops, and a company which apparently offers training to help you acquire a gun license in Poland.
I now know where this person lives (from order confirmation emails). I know this person's date of birth. I also know this person's PESEL (Polish national identification number) because one of the banks "protected" a document intended for this person by using part of the PESEL as a password (I just brute-forced that part). The other part is just an encoding of the birth date.
So I now have enough information to impersonate someone just because a number of organisations screwed up by not verifying ownership of an email address.