Some years ago, I had several small sites with what turned out to be a useless hosting company. (The only good thing they ever did for me was cause me so many problems, I found SitePoint while searching for solutions. )
I’ve long since left them, but recently I received e-mails from them advising that they are moving two of my sites to a new server. So I replied, pointing out that I moved the domains and hosting away from them three-and-a-half years ago, and asking them to remove my details from their database.
They responded, stating that they have “raised a support ticket” for me - but they haven’t. Nor, in fact, do I want them to. I want them to remove my e-mail address (and preferably the rest of my details, too) from their database, and stop sending me useless e-mails. (Their database was hacked while I was still a customer, and I received phishing e-mails as a result, so I have a good reason to be concerned here.)
Any suggestions for dealing with an utterly-incompetent, UK-registered hosting company?
If you tell them three times to remove your contact information from their databases, and they refuse three times, get a lawyer. (Or are they called “barristers”, there?) But get someone of a high legal status to write them a letter explaining that you will pursue litigious actions if they do not comply. That should fix it.
In my experience, threatening legal action usually accomplishes something. it’s a shame you have to resort to it, but strangely, everything happens quickly when you do…
I eventually located the “support ticket” - filed under “solved” and closed, despite the fact that nobody had replied to it.
[quote=“bluedreamer, post:4, topic:199730”]
I’d suggest emailing them again asking for them to remove your details and mention the ICO route if they don’t comply.
[/quote]I’ve just done that, and await further developments…
Another thing which is puzzling/worrying me is that clicking the link in their e-mail takes me straight into my “account”, which I thought was closed over three years ago. No request for a password or anything - the page opened with me logged in. I can log out while I’m there and close the tab, but clicking the e-mail link takes me straight back in again.
There was something I registered for the other day, ITIL related I think. The confirmation email, promptly sent me back the password in plain text - good job I did actually come up with a new password for that site.
I really want them to remove my details from their database. They were a lousy company while I was with them, and their e-mail database was hacked then. They seem to have got even worse since then.
I don’t know what details they’re still holding, but they do not need them, and shouldn’t be using them.
It would be cheaper to cancel the credit card than involve a lawyer. Just realistically speaking there is no way to really force them to do anything. Even if they were to be forced to remove your information how could you ever verify it – ask for a db /filesystem dump and audit it yourself. Your responsible for your own well being. If you believe some information they have could you hurt you in any way like a hacked credit card db than cancel the card and get over it.
The two sites in question are no longer hosted on their (the bad company) servers, but they contacted @TechnoBear to say that they are being moved. For what purpose? The agreement was dissolved long ago; they no longer have any need to retain any information… period.
Then, they open a support ticket (why?), supposedly for the purpose of removing her details from their server (which they didn’t, which is fraud), and then immediately closed it (effectively marking it as successfully completed - which, again, it wasn’t.) Technobear wants zero to do with this company; they are still contacting her, and she received phishing emails as a result of the company servers being hacked (security issue).
Not only that, but according to the link that Technobear provided for ICO, there is no legitimate reason for them to retain her information.
Then, when she re-opened the support ticket in an attempt to get them to actually DO something, they mark it as “solved” and close the ticket, again. Unethical, and trying to avoid doing what was requested (and now legally REQUIRED for them to do.)
Then, a link in an email sent to her takes her to her account (which should have been deactivated when she stopped doing business with them), automagically logged in with no login name or password (ANOTHER security issue.) She logs out, and the link will log her back in. WTF.
[quote=“oddz, post:15, topic:199730”]
It would be cheaper to cancel the credit card than involve a lawyer.
[/quote]This isn’t about “cost”; this is about principles, and obligations ignored. This company should be reported, audited, and closed.
ok, I guess I just don’t see the value. People are going to do what they are going to do. I’m not the police and I most definitely would not spend any amount of money for this. I would just protect myself and move on.
Considering the fact that their servers are (apparently) easily hacked, providing contact information to the hackers which then used said contact information to send out a phishing attack, the legal course is doing just that. Ignoring it and diverting their messages to the trash will not protect anyone.
Well I guess you want to be a good samaritan but I could care less about others being hacked. It is other individuals responsibility to protect themselves not mine within that context. I doubt that company gives a flying sh*t about what you say and enacting legal action requires money typically so yeah.
This morning - no reply to the e-mail; ticket still open, under “unsolved”.
Just now - still no reply to e-mail; ticket has been closed and moved to solved, although there has been no reply to it.
Next step is to write to their registered address, following the guidelines on the ICO site. I’ll be surprised if that produces results. Although their website claims that they’re running the business from the registered address in London, I have reason to believe most - if not all - the staff are based several thousand miles away. Anyway, if that doesn’t sort things out, then I can refer it to the ICO.
