...including credit card details...
"...at this stage in the investigation we believe no other personal information, including credit card details, has been disclosed."
"...became aware of an attack on Wednesday 9th May 2007..."
"...a small number of customers may have downloaded a Trojan virus."
"We take the security of our customers' information very seriously..."
"...currently taking a number of actions to minimise any further risks to customers."
"This list is now being used to distribute spam email which continues to be sent to customers, and it is likely that this will continue."
So, if no other personal information has been gained, why do I have to change my password? If I have to change my password, then it must be assumed my password has been compromised, and therefore the my bank details (and other personal data) has also fallen into the wrong hands, so I think PlusNet have contradicted themselves here.
They take the security of their customers' information seriously? So why have they done very little since 9 May? And why have they still not contacted me to apologise and beg me to stay with them after yet another unacceptable display of incompetence?
However I can rest assured they are taking a number of actions to minimise further risks, but I can still expect the spam. I wonder if those actions involve putting the kettle on and sitting on their backsides?
Ironically I turned PlusNet's spam filter on this morning, in an effort to identify the spam. Apparently the filter will mark such mails with the word "SPAM" in the subject. Laughably, what are clearly spam mails are not even being flagged by PlusNet's filter. Another brilliant display of incompetence?