The other day I received one such email, acknowledging receipt of $500, welcoming me to a business service, and listing "my" details, including full name, address (in New York State), phone number, SSN and partially obfuscated credit card number. I'm not sure why I even opened the mail, I could tell it wasn't really intended for me. At this point I felt a bit sorry for my namesake, who had spent $500 on a service she wasn't going to get, and I was a bit concerned about all her personal details being shared with a total stranger (you would think that a competent business would verify the email address before emailing details; at least they didn't send out her password in the clear). I was also a bit unhappy at the prospect of receiving all this person's emails forever.
There was no unsubscribe link, presumably because the person had already positively opted in to receiving the emails. I went to the URL the email originated from (typing it manually, not clicking any links in the email). I saw a website that looked legitimate in the sense that I guessed it was actually selling the thing it was claiming to be selling, not just trying to install malware on my computer. But it looked pretty slimy in the sense that what it was selling was essentially some kind of multi-level marketing scheme. I could not find any useful contact details for said slimy company; the only way to contact them was through their members-only area. I tried their Twitter account, and as expected got no reply. While this was going on I received a whole bunch more emails from the company, which made me the more determined to get myself off their books.
So I tried calling the number listed in the person's details in the email. I already have a calling plan such that calls to the US are free, so it was just a nuisance, not expensive, to do this. To my surprise, it was a home number, not a business number. The person who answered made no attempt to find out who I was or what my business was, just informed me that the person I was asking for was out, would be back in an hour and would I like her cell number? So I called again an hour later, having considered what I would say to make myself sound convincing. I personally would be very suspicious if I received a call from a stranger in a foreign country claiming there had been a security breach and the foreigner had access to my personal details. In the event the person believed me straight away without needing any convincing, and was effusively grateful that I'd let her know, and promised me to get things fixed straight away.
A little later I received an email from the company with a slightly panicked tone and rather poor SpaG begging me to please delete the email with the personal details. Of course by this point they'd already sold my email address on to various even scummier "business" services, so my hope that I was going to avoid getting unwanted mailshots was in vain. But at least I helped the person whose email address is one letter away from mine to get what she paid for.
( security thoughts )
I have no particular suggestions for how to fix this, but I'm annoyed.