Today I had a stack of emails from them, confirming orders from months ago that have long since shipped. I assume they are transferring all the old data from their old system. More worryingly, they also sent an email confirming my account creation - and the email contained my password, in plain text. So we know now that they have absolutely no password security at all. And they send out those passwords on the internet equivalent of postcards. Anyone who has stored payment details on their site, get there now and get the details deleted. Get them to confirm in writing that they hold no secure information about you. You'd also need to make sure you do not use that username/password combination on any other site that you use. Their site migration has been a textbook example of how not to do a site migration. They need to hire someone with a basic level of competence in IT, immediately. And fire whoever's currently doing it.