https://www.bbc.co.uk/news/technology-46896329EE 'Breach' led to stalking by ex
"He had access to everything: my sort code, my account number, a photocopy of my driver's licence.
"It did put me at risk and I feel all customers should know how poorly something like this will be handled if there is a data breach on their account.
"It was a complete breach of trust. I don't trust the way they handled my data at all."
Internal policies 'not followed'
An EE spokesman said its own internal policies were not followed in this case.
"This matter has been dealt with internally and the employee involved no longer works for us," he said.
"While we worked quickly to protect Francesca, we apologise for not keeping her informed of the actions that we took during this time."
The Information Commissioner's Office said that under the Data Protection Act and GDPR it was "illegal for individuals to access personal data without authorisation".
It said there was also an obligation for companies to ensure data was managed securely, and protect "against unauthorised or unlawful processing and against accidental loss, destruction or damage".