Scams, phishing and hacking…

With the recent hacking of the Talk Talk customer servers, the news media is busy wheeling out the usual so-called internet security experts offering the usual post-apocalypse advice.

One sentence from Talk Talk is particularly enlightening: “At this stage, we’re not sure how many of our current and previous customers have been affected.”

One piece of advice that makes sense on the face of it is to close any account as soon as you finish doing business with any company. In truth this is easier said than done:

“Some time ago,” I closed a certain mobile account because I found their coverage to be poor where I then lived. A few months later, I was surprised to find I could still log in to the account and see that the small remaining balance had been, er, “siphoned up” by the company’s “timeout policy”. After looking for a “Delete Account” button and not finding one, I phoned customer services and was promised the account would be deleted properly, not just closed.

Some 12 years later, having moved home and switched back to the same company, I decided to set up another account but was refused because the same username and password were already in use. So, although my old account was no longer accessible via the customer’s user-interface, it turns out all my financial and personal ID data had been held by the company “just in case”.

Now, I can see how they can justify holding onto your details for a month or two as a convenience so you don’t have to enter all your personal details again, should you have a change of mind, but 12 YEARS??!

I can’t help wondering how many other “closed” accounts I have gathering cobwebs with companies I no longer deal with and may have long since forgotten about but which are rich pickings for the hackers and scammers.

It makes a mockery of the advice to “close accounts of companies you no longer deal with” and, in any event, it’s virtually impossible to know if an account has in fact been deleted if even the company’s own support staff can’t do it.

Maybe the law should be changed, forcing companies to actually delete closed accounts and not just squirrel them away “just in case.”