Mmmm I got an e-mail with this subject line, from the IETF Secretariat, the first in three years from them, saying that my personal information would be deleted unless I gave consent to its ongoing use. The sort of e-mail used in phishing attacks. I would have expected there to be some announcement about this beforehand but .... (I did get an e-mail about GPDR but that was four months ago, from the IETF Administrative Director, and made no mention of me being called on to do anything; other organisations did call on me to act, and to act immediately). So I clicked on the link, entered userid and password to get a message that there had been a password leak and that I must reset my password. Mmm even more like a phishing attack So I request a password reset, get an e-mail with a link, click on it and enter a userid and a new password. Anyone else been similarly 'targetted'? On the surface, it looks allright, but it seems poor security practice for this to come out of the blue, encouraging us to get into bad habits. Tom Petch