back to article TalkTalk still struggles to shut down legacy email addresses on request

Months after The Register first wrote about TalkTalk failing to close a former customer's email address, the firm is still using the General Data Protection Regulation as an excuse for dragging its heels. Reg reader Rose got in touch with us after reading our report of the zombie TalkTalk email account from March to complain …

  1. Blockchain commentard Silver badge
    Facepalm

    Rebranding exercise coming - noTalkie,noTalkie.

    1. sbt Silver badge
      Trollface

      The clue is in the name...

      ...they're all Talk.

  2. Barrie Shepherd

    Companies hide behind "ID Verification" to delay the process and force-ably collect additional data about individuals.

    So good Luck with Talk Talk. I have been fighting a financial institution who owe me £2000. Because I have changed my address in the last 5 years - once - and because my passport has been renewed so the old number is not valid ID they insist on;

    An original Bank Statement for the current address and an old one from the old address

    An original Utility bill for each address (given these now are electronic means not possible to give an original)

    An original of my UK Tax coding or other Tax correspondence

    An Certified copy of my driving license for the new address.

    No way am I sending this much information to an organisation who 3 years ago had a major data leak.

    Even more galling is that another branch of the same organisation are quite happy to deal with me at the new address for investments in excess of £2000.

    My next action is probably Small Claims Court to teach the bu***rs a lesson.

    1. MJB7 Silver badge
      Terminator

      There is no Small Claims Court

      There is no such thing in the UK as the "Small Claims Court" (whatever Which says). There is the "Small Claims Track" in the County Court.

      This matters because if a case is dismissed _before_ it is assigned to a track, the standard rules for costs apply - the loser pays. It is not beyond the bounds of possibility that the financial institution will decide to fight, and apply to dismiss the case on the grounds that they don't dispute they owe "Barrie Shepherd" £2000 - but they are obliged to check you are the Barrie Shepherd they owe the money to. If they succeed, they could end up stinging you for £lots costs (rather more than £2000).

      Icon: Lawyers.

      1. Anonymous Coward
        Anonymous Coward

        Re: There is no Small Claims Court

        You need to go to the financial ombudsmen first (well first you need to do complaints stage1 and 2).

        I got over £8k back from a mortgage provider as soon as the ombudsman got involved.

    2. Androgynous Cow Herd

      bu***rs?

      Is "Butters" a bad word now?

      WTF is bu***rs?

  3. Steve Davies 3 Silver badge
    FAIL

    They might be cheap

    but you certainly do get what you pay for... Zilch, Nada, Nowt

    Like Virgin... sorry Liberty media, they keep trying to get me to sign up to their crappiness. Not going to do it. Never in a million years of Sundays.

    1. Chloe Cresswell

      Re: They might be cheap

      I have the opposite issue: We looked into a Virgin Business account for a client due to lack of choice, they let us down multiple times on just the quote, so we never ordered the line.

      I've had multiple emails informing me of planed maintenance on the non-existent line.

      I've rung 5 times to complain, been told each time I've been removed from getting these notices, then another turns up.

      In this case we are actually paying nothing but getting the harassment for free! ;)

      1. EnviableOne Bronze badge

        Re: They might be cheap

        Atleast threaten, if not actually report them to the ICO for breaching PECR

  4. ByTheSea

    "Someone has been able to reset my passwords for Amazon, eBay, my broadband provider, iTunes and more,"

    I'm guessing they used the... "I've forgotten my password, send me a new one to my email address " ...hole in the system So have a very good password on email (change it when you abandon use of the address) and continue to monitor legacy email addresses until they are killed by the ISP.

    1. Arthur the cat Silver badge

      I'm guessing they used the... "I've forgotten my password, send me a new one to my email address " ...hole in the system

      Which leads to the question - if the person was a former user, how come the TalkTalk address was still set as the password reset address rather the current email address? Yes, TalkTalk are as much use as a fishnet condom and will hopefully go bust, but it seems there's a touch of user error here as well.

  5. MJB7 Silver badge
    Megaphone

    I don't feel very well

    I have some sympathy for Talk Talk here (see title for how I feel about that). If they deleted email accounts at the drop of a hat, El Reg would be full of stories about furious customers who had their email account deleted by some prankster. It's really hard to swiftly delete accounts for the actual owner AND never accept account-deletion requests from anyone other than the account owner. Also, it is usually better to be too slow about deleting an account, than it is to accidentally delete an account you shouldn't.

    FAOD: I'm pretty sure that Talk Talk could do better here - but it's not a trivial problem.

    1. Chloe Cresswell

      Re: I don't feel very well

      Yeap, you'd think there would be a way to disable access to the mailbox while it's worked out, rather the leaving it fully running.

    2. Anonymous Coward
      Anonymous Coward

      Re: I don't feel very well

      "Talk Talk could do better here - but it's not a trivial problem"

      But, given their track record, it's something they should be expert at solving within days by now, not leaving people potentially exposed for 30

    3. Velv Silver badge
      Headmaster

      Re: I don't feel very well

      Maybe I'm missing something here but:

      Pay for an account = email service provided and address valid

      Don't pay for an account = email service not provided and email address not valid

      ??????????

  6. Anonymous Coward
    Anonymous Coward

    struggles to shut down legacy email addresses on request

    let me guess, talktalk e-mail google or yahoo with a request and get an autoreply? ;)

  7. This post has been deleted by its author

  8. Valeyard

    just cut out the middle man

    do it yourself with an SQL injection

  9. mark l 2 Silver badge

    Rather than asking for 2 forms of ID, which some people may not have if you have no passport or driving license. A simple solution is in these matter is the disable the mailbox and to post out a verification letter to the address registered on file by 1st class recorded delivery. Have a unique code in the letter which could then be given over the phone to customer services to prove they are the account holder.

    1. EnviableOne Bronze badge

      Thats good enough for companies House, so it should be good enough for TalkTalk

    2. Anonymous Coward
      Anonymous Coward

      Where a customer had mislaid or forgotten their security details with us, the final method of recovery was we would print a customer identity form on our headed paper, fill out the requesting details, sign the form and post to the registered address. They could then fill in new contact details and return.

    3. cantankerous swineherd Silver badge

      too easy!

      my response to people asking for id: no, you haven't issued me with any.

  10. Dave314159ggggdffsdds

    Bad companies love to misinterpret data protection regs. It's worth reading up on what the regs actually say, so you can point out that they're in breach of them.

    In this case, Talk Talk are in breach because they're sending the customer's personal data to an email address they have been told is compromised. They have an obligation to self-report the incident to the ICO. They can't close the email address without proof, but they have to suspend mail delivery until they're sure it's private.

    1. Anonymous Coward
      Anonymous Coward

      There is also the point that TT know they've been hacked (on multiple occasions) and should already have a (sensible) policy in place for dealing with the victims

  11. cosymart

    ID

    The advent of online utility billing was a problem for car hire companies (they fixate on the drivers licence now) in that they requested a printed copy of a utility bill so I used to ask them what address they would like me to print on it :-)

  12. e^iπ+1=0

    Deceased accounts

    In my experience TalkTalk are not very useful at dealing with grieving relatives trying to close the account of someone who passed.

    We've got to the stage now of writing 'return to sender - deceased' on their correspondence after several phone calls along the lines of - "sorry, system down, no record of last call, we'll look in to this for you and get back'.

  13. gnarlymarley Bronze badge

    easy or hard

    The problem is if you make it easy for a customer to shutdown their email, it is also easy for a hacker. If you make it hard for a hacker to shutdown an email, it becomes hard for the customer.

    The ideal method would be to make it easy for a customer and hard for a hacker, but that is only a theory and never works in practice. (At least this is my experience with customer service.)

  14. CommanderGalaxian
    Facepalm

    8 years and counting.

    I've still got a zombie email account from them from 8 years ago. I can't send emails via it anymore but it still receives email perfectly OK.

    1. This post has been deleted by its author

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2019