I left Pipex over 2 months ago, my email address with them still works (though I never actually used it) and I can still maintain my 50mb personal webspace from them.

Just tried logging into the new MyPipex site with my old user/pass and it worked, on the old system the user/pass stopped working on the day my ADSL service from them finished.

.

I can understand leaving the account 'live' for a short time after the user leaves so they can tie up loose ends to do with changing email addresses, but 11 month old user/pass still active? pure absurdity.

I just logged into my former ISP's user portal (Eclipse Internet) and can still access everything I could when I was a customer, including being able to see my credit card details. An appropriate email has just been sent to their customer services for an explanation. I ceased to be a customer of theirs back in August 2006!

I left Pipex well over a year ago and can still log into my account.

We finished with pipex in February after appalling customer service and amounts of money being taken out of our account

Ive just been able to log into MyPipex and change the credit card details, surely they shouldn't be allowed to have this information after we have canceled our contract with them

poor

I left in 0ct 2006 . And surprise surprise all my details are on there including all my statements . Im really quite annoyed at this . I have changed the details as I dont trust these folls not to leave it somewhere unsecure .

Pipex swallowed and choked (good!) on Bulldog, one of the worst companies to ever exist, short of chemical warfare manufacturers.

Left pipex in jan this year when i moved to the UAE.

Account still works, shame my credit card wont as I cancelled it, before moving country.

After reading this story, I went to see if my details were still held by Freedom2Surf (who were bought by Pipex and then went down the toilet, hence my leaving them about 6 months ago), and lo and behold, I could still log in, all my details were still there including bank and credit card details.

Bunch of bankers!

To Pipex - haha, in my experience they don't give a toss. I only stay with them cos i usually solve my own problems. I pity the non-teccies who are given the runaround. (my neighbour is one of those unfortunate souls).

No, instead complain to the Information Commissioner, copying it in to Pipex. Mention that you believe they have breached the principles of the Data Protection Act in that data should not be retained for longer than is necessary - IMHO, 12 months is more than excessive

Sadly the rules on data retention are mostly ignored.

This is another example of a company simply getting caught out, but it is unlikely to change their practices.

While contracting in web development for inxs of 10 years, almost all the people i worked for had a simple policy of not deleting any customer data unless absolutely necessary ... "You never know when we might need it" was the usual justification.

This is compounded by weak laws and little incentive to obey them.

I personally think that we all should flip the laws on their head, meaning that I own my data, I am the only one that can use or sell it, and i have to be asked whether a company can keep it and for how long. Additionally large penalties should levied on companies that fail to respect my 'right' of ownership of my data.

Credit card numbers, blah blah blah. Perhaps the whole system itself is broken?

If you can't be sure that you haven't left data lying around, then the next best thing is to make sure that whatever you have left behind is of no use.

Just suppose credit card numbers changed per transaction, rather than every couple of years when a new card is issued. Then it wouldn't matter if someone else could see your credit card number, because it could not be used to initiate a new transaction.

That may not be practical, but a per-transaction authorisation token certainly is realisable.

In the meantime, reduce the spending limit on your credit card to no more than you could afford to lose irretrievably.

Surely this is in line with a variety of legal obligations? Not least of which are the moneylaundering/identitytheft/terrorism/canwetakeyourfingerprintsanddnaforourdatabase regulations which have come in over the last few years?

There are several articles on the reg regarding new DOJ etc rules for dataretention for ISPs. It really shouldn't suprise anyone that this data is still around.