I've seen more and more websites also holding onto old cc information even if they are expired with no easy way to remove the information and I ask, why? Why cannot I remove card information that does not exist. Why do you insist on holding that information? Is that legal?
I'm still extremely curious as to why this person (or people) are targeting developers. The only thing I can think of is that it's some sort of vendetta, or possibly a random genre of targets, which happened to be developers.
Makes me wonder too why they aren't targeting publishers, since generally most people hate them more over developers.
Companies are required to keep records of every transaction they process for the past 7 years in case they get audited by Inland revenue. I would not be surprised if they kept the payment details along with each transaction.
Keep a record of our transaction.... I've got no problem with that. The bean counters can get everything they need from a sales order. I don't see why they would need my expired cc information on a transaction made with company X, 5 years ago. Actually, I do know why, personal data and content are the currency of the future.