Bulk Reef Supply Security Breach - Page 2

myram · 02/19/2015, 07:53 PM

I haven't ordered from BRS since last March........guess I'm all set.
My LFS got the call the other night from BRS that they had been hacked, so at least word is spreading about it.

tg1966 · 02/19/2015, 09:23 PM

Just deleted my cart. Changed my password. I did not see an option to completely delete by account with them. Anyone see an option to do so? I spent over $2,500 with BRS the past year. An apology is not going to cut it with me.

soulpatch · 02/19/2015, 09:55 PM

Quote:

Originally Posted by tg1966

Just deleted my cart. Changed my password. I did not see an option to completely delete by account with them. Anyone see an option to do so? I spent over $2,500 with BRS the past year. An apology is not going to cut it with me.

With the rate of the online hacks you better be ready to do a lot less shopping places.

No more Home Depot, Target, BRS, Boscovs, Niemen Marcus, and many more should be off your list...

firemountain · 02/20/2015, 12:46 AM

I had 3 purchases during the timeframe indicated. Luckily all were done through PayPal express. Gonna keep on checking my account regardless, and just changed my password to be safe.

joesfiddy · 02/20/2015, 06:42 AM

I used PayPal so hopefully I'm safe

ravenzme · 02/20/2015, 07:41 AM

In Information Security here. I do Due Diligence on companies around the country, and people would be shocked at how poorly data is protected. Companies that do PCI self attestations are a joke. At rest encryption isn't even a standard with many online retailers, and when I ask why these people think they are protected from hacks like Target, etc, I often get the response "we have a firewall in place and use SSL". I have no idea if any of this is the case with BRS, not familiar with their security. Just saying from my experience, people just don't know how to protect the data they collect, and don't understand how to take care of the customer's financial or personal information. As long as companies make it easy, breaches will continue. Again, I am not accusing BRS of being lax, as I just don't know anything about them. But never assume a company has their security act together just because they are accepting credit card numbers over a website. Yes, it frustrates me too.

MondoBongo · 02/20/2015, 07:48 AM

Quote:

Originally Posted by soulpatch

You can be compliant and still storing credit card data. It has to be stored in another DB with no query logic allowed to be run against it. When one does want to do inquiry then there is a paperwork trail to pull data. No CVV2 data is stored as it is not needed. Unless cleared all data is encrypted so you couldnt tell the card number anyway. Even when cleared the card numbers are given a unique masked value so while I can use the key and track the same credit card I am not actually using that card number.

As to guarding the consumer the US has some significant changes coming. If you are in Europe or using a few of the upper cards in the US you are familiar with the signature chip cards. Soon they will also require signature pin cards.

Basically this year the banks will be reissuing cards with a chip in them. The card is inserted at the register instead of being swiped so that it can read the chip and confirm it is in fact your card. It is more secure then current mag strips. The pin adds an additional layer and that should be coming online the end of this year.

The key part of the legislation though is that it changes liability from the bank to the retailer. If the retailer does not update their systems then they are liable for the fraud which should put more emphasis on stores checking IDs and other security measures to cover themselves. It might mean a few more seconds in line for us all but the added security will save a ton of headaches in this day and age of hackers.

Better yet is the rise of items like apple pay that simply submit a random token to the store instead of your actual card. Samsung has their own system coming out this year too as they just acquired a company to aid in their development.

Sad to say but we are in an age of digital crime and it will get worse for a while with these breaches.

i'm glad to hear they're finally bringing over enhanced security measures. i've heard tid bits about how cards in europe are more secure, glad to see it will be spreading.

it's also nice to hear that they're actually putting together some laws for this. when i was working with it a few years back, it was all civil penalties and governed by nothing more than industry guidelines.

i saw the talk about samsung bringing out their own pay system, but i don't know that i'm convinced those will be any better. i didn't care for apple pay when it was called google wallet.

i get that using the tokens almost like a claims auth has certain value for protection, but that card information is still stored somewhere. so it seems to just shift the target to larger clearinghouses of the data. where as today a subset of people had their information stolen from BRS, it would potentially be much more if samsung or apple were hacked. time will tell i suppose.

i assume i will getting my letter from BRS shortly. sadly my girlfriend bought me a vortech for christmas, and her card was apparently compromised. she already had to have it replaced about three weeks ago, and just get her letter from BRS last night when i had got home from work.

MondoBongo · 02/20/2015, 07:52 AM

Quote:

Originally Posted by ravenzme

In Information Security here. I do Due Diligence on companies around the country, and people would be shocked at how poorly data is protected. Companies that do PCI self attestations are a joke. At rest encryption isn't even a standard with many online retailers, and when I ask why these people think they are protected from hacks like Target, etc, I often get the response "we have a firewall in place and use SSL". I have no idea if any of this is the case with BRS, not familiar with their security. Just saying from my experience, people just don't know how to protect the data they collect, and don't understand how to take care of the customer's financial or personal information. As long as companies make it easy, breaches will continue. Again, I am not accusing BRS of being lax, as I just don't know anything about them. But never assume a company has their security act together just because they are accepting credit card numbers over a website. Yes, it frustrates me too.

the only reason i am even vaguely antiquated with a lot of this stuff is because a place i worked at had some serious violations i accidentally discovered.

they were keeping full customer data (credit card number, cvv2, social security number, address, telephone, birthdate, etc...) in a completely unencrypted database table, in a database that was directly publicly accessible via their classic ASP website, and to put the cherry on top, they had already been compromised by at least one severe SQL injection attack.

when i stumbled across it, i freaked. it took me months of beating the drum loudly to get them to clear me even two weeks to do the best i could to encrypt and secure the data. management just didn't think it was important, but finally gave me that small amount of time to at least shut me up.

i was able to get everything at least encrypted, and put some better authentication in place, but it was still far from perfect when i left.

really, really, scary.

marinelife · 02/20/2015, 08:01 AM

I got a letter in the mail from them offering me free membership to Experian's ProtectMyID Alert.
I do know my bank has already changed my card.

Sn8kbyt · 02/20/2015, 08:10 AM

I had 4 accounts breached in early January all of which were used to purchase in excess of $5000 from BRS in the prior 2 months. I figured they had to be connected but could not prove it. The last month has been hell having basically all my accounts frozen, fighting charges, and waiting for replacement cards.

Very unhappy and disappointed it was them!

TAZ_67 · 02/20/2015, 08:39 AM

Quote:

Originally Posted by soulpatch

With the rate of the online hacks you better be ready to do a lot less shopping places.

No more Home Depot, Target, BRS, Boscovs, Niemen Marcus, and many more should be off your list...

That is just it. it's not just a BRS problem. My insurance company Anthem just got hacked. Unfortunately you can't get around it unless you drop off the grid completely. What saved me was that I had phone alerts set on all my accounts that I can. It doesn't stop it from happening but it gives you more time to react and minimize the damage.

soulpatch · 02/20/2015, 08:54 AM

Quote:

Originally Posted by MondoBongo

i'm glad to hear they're finally bringing over enhanced security measures. i've heard tid bits about how cards in europe are more secure, glad to see it will be spreading.

You can blame your local stores for the wait on this. Retail did not want to spend the money on improved card readers and lobbied against this all. It took legislation that changed liability onto the shoulders of the retailer should they not comply that changed their tune. The recent hacks have also sped up some adoption of new tech.

Quote:

it's also nice to hear that they're actually putting together some laws for this. when i was working with it a few years back, it was all civil penalties and governed by nothing more than industry guidelines.

The laws are more in pushing the liability away from the banks. Some might see this as a red flag but I dont. (disclosure I work for a bank now). I see it as good since stores have become WAY too lax in just swiping a card and not doing anything else. Think about the last time you were asked for id. Yet go and try to buy a pack of cigarettes and see how quickly you get carded. The threat of liability on the store will lead to significant changes.

Quote:

i saw the talk about samsung bringing out their own pay system, but i don't know that i'm convinced those will be any better. i didn't care for apple pay when it was called google wallet.

Totally seperate systems and honestly they are the future as they are more secure since they do not send your actual card number to the retailer but an encrypted number. Think of it like they send a gift card upc to the store for the exact amount needed.

Quote:

i get that using the tokens almost like a claims auth has certain value for protection, but that card information is still stored somewhere. so it seems to just shift the target to larger clearinghouses of the data. where as today a subset of people had their information stolen from BRS, it would potentially be much more if samsung or apple were hacked. time will tell i suppose.

the card info is still stored same place it is now. There is no difference to operation though your phone could be stolen and it woudl have your cards on them. Depending on your security features would dictate what they had access to.

How it works is no different then you swiping your card. You hold your phone over the reader and the reader sends the total to your phone which then pings the processor. The processor pings visa/mc to ensure it is an actual card (the card you are trying to pay with) and it pings the bank that you have balance available instantly. Everything comes back ok in a split second and the phone transmits a scrambled card number to the register and you go on your way.

Apple/Samsung are just the transmitters for the data and do not store it. It was a huge concern about the storage of data with apple pay for the banking industry for the reasons your brought up. They do not which is why you see so many banks as partners. Should see the same thing when samsung's system comes out as well.

Quote:

i assume i will getting my letter from BRS shortly. sadly my girlfriend bought me a vortech for christmas, and her card was apparently compromised. she already had to have it replaced about three weeks ago, and just get her letter from BRS last night when i had got home from work.

Hopefully she used a credit card from a reputable bank as many of the big banks are understanding of these things ESPECIALLY if you can trace it to a breach announcement like this.

soulpatch · 02/20/2015, 08:56 AM

Quote:

Originally Posted by TAZ_67

That is just it. it's not just a BRS problem. My insurance company Anthem just got hacked. Unfortunately you can't get around it unless you drop off the grid completely. What saved me was that I had phone alerts set on all my accounts that I can. It doesn't stop it from happening but it gives you more time to react and minimize the damage.

Exactly. Though in this day and age people should almost avoid using their debit cards unless their bank has sufficient fraud protections. Sadly many smaller banks do not cover their individuals enough and even the larger banks can be sluggish in making the corrections.

Credit cards on the other hand are held to a higher standard and are a bit easier/faster to deal with. And please do not confuse using your debit card as a credit card as the same thing.

Ramble On Rose · 02/20/2015, 09:04 AM

Quote:

Originally Posted by soulpatch

With the rate of the online hacks you better be ready to do a lot less shopping places.

No more Home Depot, Target, BRS, Boscovs, Niemen Marcus, and many more should be off your list...

A couple of those did a lot more than apologize and offer a year of fraud protection. I know I won't shop at BRS unless they do more than issue a statement and say they are sorry. They're not Home Depot, Target, etc... I can just as easily click on Premium Aquatics or other sites.

SecretiveFish · 02/20/2015, 09:08 AM

I freaking thought so! We ended up with fraud on multiple cards, and the converging store was Bulk Reef Supply. It was a PAIN to get this cleared up, multiple calls to credit card companies with general ineptitude on the employees part (is this intentional so that the customer just gives up?!?).

Someone in Australia was buying airline tickets and someone else tried to buy stuff at victoria's secret and someone else bought something off hotwire (which I had never heard of) and another online store I also had never heard of.

My favorite issue to clear up was a charge to T-Mobile (we have never used T-Mobile) and my credit card company told me that it was a valid charge for additional services on a pre-paid cell phone. Great! Except we never made that purchase!!!!

soulpatch · 02/20/2015, 09:11 AM

Quote:

Originally Posted by Ramble On Rose

A couple of those did a lot more than apologize and offer a year of fraud protection. I know I won't shop at BRS unless they do more than issue a statement and say they are sorry. They're not Home Depot, Target, etc... I can just as easily click on Premium Aquatics or other sites.

They stated in their statement that they are going to offer the credit monitoring which is the same every other company has done.

The other companies did not do much else.

Seriously though there is not much a company can do when a hacker wants in. Even big banks have been hacked and they spend billions on security and have some of the most complex systems in the world. In today's day and age you have to almost expect it no matter where you shop and be an informed consumer who monitors their credit cards and accounts. Chances are if you were not impacted by this or previous breaches then you will be impacted by one in the future.

rgulrich · 02/20/2015, 09:11 AM

After having gone down this road a few times now, this - and I really hate to say it - is pretty much routine. A few hints on better ways to do business with what we have right now:
1. Talk with your financial institution about setting up a VISA debit card or somesuch that you will use *only*, and I mean *only* for online transactions. It should be a no-charge account, with no over-draft protection, backed by VISA's fraud protection, that you will fund from a different account at the same financial institution.
2. Whenever you set up an online purchase, opt out of "saving your credit card information" - this will not eliminate the risk (it didn't in my case this time), but it will decrease the risk if the vendor doesn't store your credit (debit) card information.
3. When you go to make a purchase, get all the way to the last step before sending off your order to get the final amount, including shipping and taxes, and then transfer that amount only into the debit account. With no extra funds in the account, any attempt at fraudulent transactions will immediately be bounced.
4. For those accounts paid automatically from a credit card, change them to the debit card and have the funds automatically transferred to the debit account from your regular account.
5. Review your account statements frequently for charges you didn't make. In this instance for me, again, it was an iTunes charge to "test the card". My bank is pretty familiar with this approach and quickly addressed the charge and issued a new card.
6. When you detect (notice I didn't say "if"?) fraudulent activity on your card, notify your financial institution immediately, calmly, and walk them through why you think it's a fraudulent charge. Ask for a new card, and go through the process of letting them know what your most recent charges were to that account. As it was *only used for online purchases* it should be pretty easy to go through both of these actions.

Now to start going through the list of companies that I do auto payments to with this card...

itz frank · 02/20/2015, 09:12 AM

Just so that you guys are aware...

There was a huge glitch with Magento eCommerce sites that allowed an attacker to track and gather purchases.

I'm not sure if this is a platform that BRS uses or not but there were tons of companies effected by this.

soulpatch · 02/20/2015, 09:14 AM

Quote:

Originally Posted by itz frank

Just so that you guys are aware...

There was a huge glitch with Magento eCommerce sites that allowed an attacker to track and gather purchases.

I'm not sure if this is a platform that BRS uses or not but there were tons of companies effected by this.

not the only ecommerce platform hack recently....

Ramble On Rose · 02/20/2015, 09:16 AM

Quote:

Originally Posted by soulpatch

The other companies did not do much else.

You must have missed out on the 10% off Target gave to EVERYONE. And target is just a little bigger than BRS I think...

soulpatch · 02/20/2015, 09:28 AM

Target is an outlier since they were the first major breach, had their CC info improperly stored, and in doing so lost the CC info for almost every customer in that time frame.

It is a cost of being the first domino to drop.

No one else has offered anything to those impacted other then cheap monitoring services. I think MANY more people were impacted by the Home Depot breach for instance and they only gave monitoring.

Yes this is a pain but people need to remember that the retailer is also a victim in this. Demanding that they bend over backwards with offers and such is a bit extreme unless they were negligent which I do not think BRS was. Target however was in how they stored some of their CC info. Heck they did not even mask numbers in some instances on some DBs.

MondoBongo · 02/20/2015, 09:34 AM

target also wasn't very forthcoming about the breach either. they had a badly bungled response, and were slow to take any corrective action.

when these types of breaches started, i held firm that i wasn't going to do business with companies that didn't properly protect my data. then, as time moved on, i realized that meant essentially not participating in the economy on any level.

and to echo what soulpatch said, many times the retailers are also victims here. you can have a reasonably secure system, take the normal precautions, and still become compromised in a variety of ways.

the old adage still holds true: locks are on doors only to keep out honest people.

a determined attacker will always find a way in.

tkeracer619 · 02/20/2015, 09:49 AM

Those of you freaking out are maybe a bit over the top. Welcome to 2015. Somehow you think reef stores are impervious to shenanigans. Give it a rest... at least they figured it out and can put an end to it. It effected me as well but I dealt with it like I dealt with it the past 10 times.

If it really is that big of a deal start using cash at your lfs and the local produce mart, I'm sure they would enjoy the business. I think you folks are overreacting and nobody actually lost money here but BRS. The consumer gets the money back. You lost some time and cool points.

lespaul339 · 02/20/2015, 09:59 AM

I ordered 3 or 4 times from them over the time period of the security breach. But I paid through paypal. Am I safe since I went through paypal? That's why I always use paypal even though I pay with credit card because I don't usually trusts websites secure checkouts.

Vapour1ze · 02/20/2015, 10:00 AM

Credit card was stolen last night. Odd? I just ordered from brs a few weeks back.

02/20/2015, 12:46 AM	#29
firemountain Registered Member Join Date: Apr 2014 Location: Bergen County, NJ Posts: 1,033	I had 3 purchases during the timeframe indicated. Luckily all were done through PayPal express. Gonna keep on checking my account regardless, and just changed my password to be safe. __________________ Eshopps RS100 sump, Eheim 1262 return,Kessil 360WE w/controller, Avast ATO w Litermeter 3, RO Regal 170sss Skimmer, Sicce XStream-e pumps /dc controlled, Spectrapure Dual Reactor Current Tank Info: 65g mixed reef

02/20/2015, 08:01 AM	#34
marinelife Registered Member Join Date: May 2000 Location: Union, Ohio, USA Posts: 6,590	I got a letter in the mail from them offering me free membership to Experian's ProtectMyID Alert. I do know my bank has already changed my card. __________________ I'm a SaltGeek are You? All LED since 2010. Current Tank Info: 375 Gallon Reef with siporax, all LED lighting, and Red Dragon 3 and Abyzz A200 on 2 closed loops.

02/20/2015, 08:10 AM	#35
Sn8kbyt Registered Member Join Date: Jun 2013 Location: Manitowoc, WI Posts: 607	I had 4 accounts breached in early January all of which were used to purchase in excess of $5000 from BRS in the prior 2 months. I figured they had to be connected but could not prove it. The last month has been hell having basically all my accounts frozen, fighting charges, and waiting for replacement cards. Very unhappy and disappointed it was them! __________________ 220 gallon DT and 90 gallon sump, all DC powered, APEX gold with DOS, feeder, and a few extra modules, Avast Marine swabbie on Skimz Monster 258, 6 Rapid LED Onyx fixtures, BRS dosers, 4 Jaebo RW-15. Current Tank Info: 220 Gallon, 29 Gallon, 2-20L QT, and a 20 gallon tall octogon tank waiting to be setup for a seahorse tank.

02/20/2015, 09:11 AM	#42
rgulrich greybeard Join Date: Jun 2007 Location: MD Posts: 893	After having gone down this road a few times now, this - and I really hate to say it - is pretty much routine. A few hints on better ways to do business with what we have right now: 1. Talk with your financial institution about setting up a VISA debit card or somesuch that you will use only, and I mean only for online transactions. It should be a no-charge account, with no over-draft protection, backed by VISA's fraud protection, that you will fund from a different account at the same financial institution. 2. Whenever you set up an online purchase, opt out of "saving your credit card information" - this will not eliminate the risk (it didn't in my case this time), but it will decrease the risk if the vendor doesn't store your credit (debit) card information. 3. When you go to make a purchase, get all the way to the last step before sending off your order to get the final amount, including shipping and taxes, and then transfer that amount only into the debit account. With no extra funds in the account, any attempt at fraudulent transactions will immediately be bounced. 4. For those accounts paid automatically from a credit card, change them to the debit card and have the funds automatically transferred to the debit account from your regular account. 5. Review your account statements frequently for charges you didn't make. In this instance for me, again, it was an iTunes charge to "test the card". My bank is pretty familiar with this approach and quickly addressed the charge and issued a new card. 6. When you detect (notice I didn't say "if"?) fraudulent activity on your card, notify your financial institution immediately, calmly, and walk them through why you think it's a fraudulent charge. Ask for a new card, and go through the process of letting them know what your most recent charges were to that account. As it was only used for online purchases it should be pretty easy to go through both of these actions. Now to start going through the list of companies that I do auto payments to with this card... __________________ The true sign of intelligence is not knowledge but imagination. Albert Einstein Current Tank Info: 360 degree walk around 300 DD island–4 300W & 2 165W ViparSpectra, 4 Kessil A350W, 2 A360WE, 3 XF150, 1 XF250, 1 XF350 Gyre along with 2 PP40 and 2 IceCap 3K gyre for robust current. Basement 150 gallon RubberMaid sump, SKIMZ skimmer, DCP18000

02/20/2015, 09:28 AM	#46
soulpatch Registered Member Join Date: Dec 2014 Location: Downingtown, PA Posts: 4,017	Target is an outlier since they were the first major breach, had their CC info improperly stored, and in doing so lost the CC info for almost every customer in that time frame. It is a cost of being the first domino to drop. No one else has offered anything to those impacted other then cheap monitoring services. I think MANY more people were impacted by the Home Depot breach for instance and they only gave monitoring. Yes this is a pain but people need to remember that the retailer is also a victim in this. Demanding that they bend over backwards with offers and such is a bit extreme unless they were negligent which I do not think BRS was. Target however was in how they stored some of their CC info. Heck they did not even mask numbers in some instances on some DBs. __________________ 150 SC tank build: http://www.reefcentral.com/forums/showthread.php?t=2550948 Some have bar tabs. I have a coral tab at my LFS. Life goals.

02/19/2015, 07:53 PM	#26
myram #347, 19 years Join Date: Dec 1999 Location: Biddeford, ME Posts: 1,714	I haven't ordered from BRS since last March........guess I'm all set. My LFS got the call the other night from BRS that they had been hacked, so at least word is spreading about it.

02/19/2015, 09:23 PM	#27
tg1966 Registered Member Join Date: Feb 2014 Posts: 55	Just deleted my cart. Changed my password. I did not see an option to completely delete by account with them. Anyone see an option to do so? I spent over $2,500 with BRS the past year. An apology is not going to cut it with me.

02/20/2015, 06:42 AM	#30
joesfiddy Registered Member Join Date: Oct 2007 Location: Morris IL Posts: 518	I used PayPal so hopefully I'm safe

02/20/2015, 07:41 AM	#31
ravenzme Registered Member Join Date: Nov 2013 Location: Madison, Wisconsin Posts: 51	In Information Security here. I do Due Diligence on companies around the country, and people would be shocked at how poorly data is protected. Companies that do PCI self attestations are a joke. At rest encryption isn't even a standard with many online retailers, and when I ask why these people think they are protected from hacks like Target, etc, I often get the response "we have a firewall in place and use SSL". I have no idea if any of this is the case with BRS, not familiar with their security. Just saying from my experience, people just don't know how to protect the data they collect, and don't understand how to take care of the customer's financial or personal information. As long as companies make it easy, breaches will continue. Again, I am not accusing BRS of being lax, as I just don't know anything about them. But never assume a company has their security act together just because they are accepting credit card numbers over a website. Yes, it frustrates me too.

02/20/2015, 09:08 AM	#40
SecretiveFish Registered Member Join Date: May 2011 Location: PNW Posts: 713	I freaking thought so! We ended up with fraud on multiple cards, and the converging store was Bulk Reef Supply. It was a PAIN to get this cleared up, multiple calls to credit card companies with general ineptitude on the employees part (is this intentional so that the customer just gives up?!?). Someone in Australia was buying airline tickets and someone else tried to buy stuff at victoria's secret and someone else bought something off hotwire (which I had never heard of) and another online store I also had never heard of. My favorite issue to clear up was a charge to T-Mobile (we have never used T-Mobile) and my credit card company told me that it was a valid charge for additional services on a pre-paid cell phone. Great! Except we never made that purchase!!!!

02/20/2015, 09:12 AM	#43
itz frank Gives Bad Advice. Join Date: May 2006 Location: Ft Lauderdale, FL Posts: 2,168	Just so that you guys are aware... There was a huge glitch with Magento eCommerce sites that allowed an attacker to track and gather purchases. I'm not sure if this is a platform that BRS uses or not but there were tons of companies effected by this.

02/20/2015, 09:34 AM	#47
MondoBongo Obligate Feeder Obsessed Join Date: Oct 2012 Location: Pittsburgh, PA Posts: 4,061	target also wasn't very forthcoming about the breach either. they had a badly bungled response, and were slow to take any corrective action. when these types of breaches started, i held firm that i wasn't going to do business with companies that didn't properly protect my data. then, as time moved on, i realized that meant essentially not participating in the economy on any level. and to echo what soulpatch said, many times the retailers are also victims here. you can have a reasonably secure system, take the normal precautions, and still become compromised in a variety of ways. the old adage still holds true: locks are on doors only to keep out honest people. a determined attacker will always find a way in. __________________ [Citation Needed] "You don't use science to show that you're right, you use science to become right" - xkcd Current Tank Info: A rectangular shaped money pit.

02/20/2015, 09:49 AM	#48
tkeracer619 Registered Member Join Date: Jan 2006 Location: Westminster, CO Posts: 17,289	Those of you freaking out are maybe a bit over the top. Welcome to 2015. Somehow you think reef stores are impervious to shenanigans. Give it a rest... at least they figured it out and can put an end to it. It effected me as well but I dealt with it like I dealt with it the past 10 times. If it really is that big of a deal start using cash at your lfs and the local produce mart, I'm sure they would enjoy the business. I think you folks are overreacting and nobody actually lost money here but BRS. The consumer gets the money back. You lost some time and cool points. __________________ Hobby Experience: 9200ish gallons, 26 skimmers, and a handful of Kent Scrapers. Current Tank: Vortech Powered 600G SPS Tank w/ 100gal frag tank & 100g Sump. RK2-RK10 Skimmer. ReefAngel. Radium 20k.

02/20/2015, 09:59 AM	#49
lespaul339 Reefer Join Date: Aug 2012 Location: Iowa Posts: 903	I ordered 3 or 4 times from them over the time period of the security breach. But I paid through paypal. Am I safe since I went through paypal? That's why I always use paypal even though I pay with credit card because I don't usually trusts websites secure checkouts. __________________ Reefer Madness! Current Tank Info: 60x24x24 150 gallon reef, 55 gallon sump.

02/20/2015, 10:00 AM	#50
Vapour1ze I'm an Addict. Join Date: Mar 2008 Location: Yorkville, IL Posts: 3,036	Credit card was stolen last night. Odd? I just ordered from brs a few weeks back. __________________ 93 Reef \| 220 Reef \| Basement Fish Life Support Room \| Empty Savings Account