Re: Their Site
"It could all get a bit messy if they go down the GDPR route."
Absolutely it could, it could end with TM being fined for sharing privileged information with unauthorised third parties. TM have stuck themselves into a choice of:
1. It was us, sorry guv, QC issue on adding scripts.
2. It was them, we sent them everyone's information and they unsurprisingly stole it, but we sent it, don't worry.
Actually, 2 breaks PCI and PII rules too, never mind GDPR. TM have managed the insecure trifecta; the trilogy of swillogy; the trio of wankio.