OK folks, you can calm down now - IT'S FIXED.
No we can't calm down now. This issue has been happening for a while. the Data Protection Act has been breached by both O2 and GiffGaff.
the Information Commissioner's Office needs to investigate this matter completely.
Seems to be fixed here now - good job.
Can anyone from GG confirm?
We're glad to hear that this appears to be sorting for some people. We're investigating and continuing to information as we speak.
I still suspect the issue here (like most security/privacy ones) is more theoretical than practical. It still takes someone to intentionally harvest this data for it to exist anything more than fleetingly.
I agree: I don't think that websites have been widely logging this information, but as severian said this problem has been known and reported in security circles since 2009 at least which means that criminals will have had access to it.
Collin Mullinger's research on this has been published as a peer-reviewed paper, reported in magazine and news articles, and presented at various mobile network and security conventions. I really hope that we're right and that no criminals have used the data.