|
02/25/2015, 12:00 PM | #126 | |
Registered Member
Join Date: Oct 2014
Posts: 282
|
Quote:
6 month period for a breach is a pretty long time. And instead of sending out a cautionary email right away and posting the info all over the place, they notified via snail mail... I got fraud of 3k! |
|
02/25/2015, 12:33 PM | #127 | |
Registered Member
Join Date: Jan 2013
Posts: 517
|
No, not at all... I want to rescind what I wrote prior. It really is bad that these situations happen, but is there anything the card companies can do to stop this?? It's a topic that reoccurs to card companies, people and retail vendors. Especially everyone involved that gets caught up in this aggravating mess it becomes. How does somebody get this private info, if they're not supposed to have it, and plus have balls to do illegal activity like this??
Just think of the time and trouble spent by card companies and vendors that have to do damage control in these situations or implement safety standards to these safety privacy issues on a daily business basis....
Last edited by Jone; 02/25/2015 at 12:41 PM. |
|
02/25/2015, 12:35 PM | #128 | |
Obligate Feeder Obsessed
Join Date: Oct 2012
Location: Pittsburgh, PA
Posts: 4,061
|
Quote:
they probably did notify as soon as they were able to. 6 months sounds like a long time for a data breach, but it's not really. it all depends on the nature of this breach, how they got in, where they got it, what they were doing while there. this isn't the same thing as showing up to your business in the morning and seeing that the door has been forced open and the cash register is gone. it is super easy to hide these kinds of intrusions. unless you get lucky, or have a superhuman sysop watching your network, you generally only find out about them long after they've happened. i would be willing to bet that the system you're on right now has at least half a dozen exploits that could allow an attacker invisible access to you without you ever knowing it happened. it's scary, but also hilarious, how insecure computers and networks are.
__________________
[Citation Needed] "You don't use science to show that you're right, you use science to become right" - xkcd Current Tank Info: A rectangular shaped money pit. |
|
02/25/2015, 12:40 PM | #129 | |
Obligate Feeder Obsessed
Join Date: Oct 2012
Location: Pittsburgh, PA
Posts: 4,061
|
Quote:
i myself have been compromised several times, all in different ways, all from different places. some of the breaches were clear negligence on the part of the entity holding my records, others were inadvertent compromises due to human error, software bugs, etc... it sucks. totally sucks. no two ways about it. user soulpatch has posted some really interesting points earlier in this thread, it sounds like there will be enhanced security standards coming to US cards soon, not soon enough, but this is always a cat and mouse game. as long as there is money to be made, the arms race between white hats and black hats will continue. locks only ever keep out honest people.
__________________
[Citation Needed] "You don't use science to show that you're right, you use science to become right" - xkcd Current Tank Info: A rectangular shaped money pit. |
|
02/25/2015, 03:01 PM | #130 |
Gives Bad Advice.
Join Date: May 2006
Location: Ft Lauderdale, FL
Posts: 2,168
|
|
02/26/2015, 01:51 PM | #131 |
Registered Member
Join Date: May 2008
Posts: 2
|
When I received a letter from BRS explaining they were hacked, and PII (Personally Identifiable Information) was stolen, I like everyone else, was upset at the news.
I wrote a long email to BRS support outlining my concerns, posing some questions, and generally giving my professional opinion of the situation. (I work in the IT industry, and frequently deploy and maintain e-commerce solutions.) My letter was not an enraged flame, but it was in no way laudatory, and I believe I fairly delineated the consequences to businesses and consumers from such an incident, my view of a business' responsibility after such an event, and equally importantly responsibility before such an event, and some suggestions for their way forward. (I shared the message with my wife, and she gave me one of those looks and said "I would not like to receive an angry letter from you." I wasn't being angry, but I get her point.)
A few hours later, I received a call from Ryan, and we had a long conversation about the situation. I respect his initiative in addressing the damage head-on and in a personal, as well as professional and expert, manner. I believed before, and I believe now, this is a small company with integrity as a core tenet. I can't reveal all I was able to glean from the conversation, but will say that they have well and truly made every practical effort to rectify the situation in the best manner available. (Know that doing so is an extremely expensive and painful proposition for them, and as a small company with whom I like doing business, I hope their balance sheet can survive the hit. As much as we as customers may have lost potentially and in fact, BRS has lost far more.)
I empathize with everyone involved in this: myself, other customers, and BRS too. I do not sympathize, however. This sort of attack, while prevalent (anyone a Target customer?), is not unpreventable. I still maintain the best time to close the barn door, is before the horses escape. To mix metaphors, that's water under the bridge now. In talking with Ryan, I am convinced they have learned this very painful lesson.
Right now, I have no doubt that one of the safest places to do business on-line is the BRS web site.
"Maybe they will make a youtube video about it....."
I complained that the time it took to communicate the issue was too long. Ryan, I could tell, was as frustrated as we all on this. I agree with him there is no perfect way to communicate, and in balance they did as good as can really be expected. The above quote was written by another poster, in humor, but Ryan shared that was literally his first impulse and wanted to do so immediately. The IT experts they brought in shot the idea down in no uncertain terms, and were right to do so. Immediately after the discovery, there were not enough facts in evidence to craft a coherent message, let alone an effective action plan for the business or consumers. Until they knew the nature and reach of the intrusion and theft, what was the message to be? "We were hacked. Data was stolen." Painful, but better to wait and have a clear message, targeted at the affected parties rather than a vague, ominous broadside aimed at everyone. (If I, for one, want the latter, I'll watch Fox news.)
Nobody will disagree this was an unfortunate situation. Bad things happen to good people. Everyone victimized here, including BRS, are good people IMHO. I will continue doing business with BRS. Their business model and delivered value is still attractive to me. I will, as will we all, come away sadder but wiser knowing more than we care to about the dark side of doing business on-line.
The suggestion to use PayPal as a payment processor backed by a credit card as the payment instrument is a good one. Secure payment processing is not BRS' core competence, it is PayPal's raison d'être, and we all should be taking advantage of that as a prudent approach to e-commerce. |
02/26/2015, 02:08 PM | #132 |
Registered Member
Join Date: Nov 2008
Location: Houston, TX
Posts: 10,344
|
Am I the only one not upset about this?
My bank has to send me a new debit card what seems like several times a year, including a few weeks ago. This is the first time this year. This has just become normal to me. lol I've never lost a dime, btw.
__________________
-dennis Elos Diamond 120xl | Elos Stand | Radion G4 Pros | GHL Profilux Controller | LifeReef Skimmer | LifeReef Sump Photos taken with a Nikon D750 or Leica M. |
02/26/2015, 02:13 PM | #133 | |
Registered Member
Join Date: Nov 2009
Location: Fruit Cove, FL
Posts: 617
|
Quote:
__________________
The Dude abides. I don't know about you but I take comfort in that. It's good knowin' he's out there. The Dude. Takin' 'er easy for all us sinners. Current Tank Info: AGA 180g mixed reef, 60" Sunpower 8 bulb, SRO-3000int |
|
02/26/2015, 02:53 PM | #134 | |
Registered Member
Join Date: Nov 2013
Location: Minneapolis, MN
Posts: 379
|
Quote:
|
|
02/26/2015, 03:38 PM | #135 |
Registered Member
Join Date: May 2008
Posts: 2
|
I was behind this old guy at a Walmart ATM who was working the machine for a good 15 minutes before my curiosity and impatience got the best of me and I stepped up to look over his shoulder to see what on earth was taking so long. He had a handful of cards that he was dutifully trying, one by one, to get money from the machine - without much luck I might add.
I kindly suggested he steal higher quality plastic, or at least learn how to steal PINs as well so the process would not take so long, and the rest of us could get on with our day. |
03/06/2015, 11:39 PM | #136 |
Registered Member
Join Date: Oct 2014
Posts: 2
|
I know this happened a while ago, but two days ago I got the first of several strange emails. Tonight I was notified via email that someone created an account at McAfee security and paid for it with my credit card. I immediately cancelled that card before any other damage could be done, but I have since tracked down several other accounts created using my personal information and credit card.
These accounts have not been used by the thief and they are all products that auto-renew each month and that are very difficult to cancel. My best guess is that someone is currently running a bot to sign up to these services with the information in the stolen BulkReefSupply data just to be a malicious jerk. I just wanted to give a heads up to anyone else that hasn't cancelled their cards yet. Be very vigilant and cancel your CC at the first hint of anything you don't recognize. |
04/09/2015, 05:44 PM | #137 |
Registered Member
Join Date: Jan 2015
Posts: 1,226
|
Just like to let everyone know, in good faith I ordered from BRS (AFTER the big incident). I received a letter today that says they have identified more small affected files that were not previously included in the scope of earlier announcement. Potentially affected customers is anyone who logged into the website between Feb 22 and March 16. Apparently this is an ongoing issue with them. I used PayPal so I'm not that worried but be warned.
|
04/09/2015, 06:36 PM | #138 | |
Registered Member
Join Date: Sep 2013
Location: Michigan
Posts: 1,280
|
Quote:
__________________
210 gal reef, 75 gal Refuge with 55 Gal sump mixed reef 100 gal Reef, 75 gal Refuge with 55 gal sump. SPS/LPS & 100 gal Japanese Dragon Moray eel tank with 40 gal sump 75 gal Brazilian Dragon Mor |
|
04/10/2015, 03:19 PM | #139 | |
Euphyllia Addict
Join Date: May 2012
Location: Brooklyn, NY
Posts: 1,424
|
Quote:
I always use PayPal so I'm not worried but jeez.
__________________
Just started Red Sea Reefer 350 (75 Gallon) Build Thread - http://www.reefcentral.com/forums/showthread.php?t=2555495 Current Tank Info: Red Sea Reefer 350 |
|
04/10/2015, 04:30 PM | #140 | |
Registered Member
Join Date: Jul 2014
Posts: 308
|
Quote:
Got another one today with my address also, but the first and last name was not mine this time either. I don't really understand why some people get so upset over this. It happens, thieves will always be one step ahead. |
|
04/10/2015, 07:05 PM | #141 |
Registered Member
Join Date: Feb 2003
Location: WV
Posts: 168
|
I got the letter and 2 days later got a fraudulent charge on my card. I only used my card at BRS. Sucks but there is nothing you can do about it. This was the second time this has happened in 5 months.
|
04/10/2015, 07:06 PM | #142 | |
Registered Member
Join Date: Jan 2015
Posts: 1,226
|
Quote:
__________________
“Out of every one hundred men, ten shouldn't even be there, eighty are just targets, nine are the real fighters. Ah, but the one, one is a warrior, and he will bring the others back.” Current Tank Info: 300g sps tank |
|
04/10/2015, 07:12 PM | #143 | |
Registered Member
Join Date: Dec 2014
Location: Downingtown, PA
Posts: 4,017
|
Quote:
In this instance BRS uses Magento which a TON of other companies use as their checkout platform. They also have Verisign which again is pretty standard. Magento was what was hacked and many other companies using the Magento platform were hacked as well.
__________________
150 SC tank build: http://www.reefcentral.com/forums/showthread.php?t=2550948 Some have bar tabs. I have a coral tab at my LFS. Life goals. |
|
04/10/2015, 07:14 PM | #144 |
Registered Member
Join Date: Jan 2015
Posts: 1,226
|
I rage at the criminals.
__________________
“Out of every one hundred men, ten shouldn't even be there, eighty are just targets, nine are the real fighters. Ah, but the one, one is a warrior, and he will bring the others back.” Current Tank Info: 300g sps tank |
04/10/2015, 07:15 PM | #145 |
Registered Member
Join Date: Mar 2013
Posts: 419
|
|
04/10/2015, 07:17 PM | #146 |
Registered Member
Join Date: Dec 2014
Location: Downingtown, PA
Posts: 4,017
|
Then in 100% agreement with you... Also instances like this are why you should always use a credit card online not linked to a bank account. That way you have their fraud working for you and it is THEIR money in the wind vs your own money while you fight with the bank to get it back...
__________________
150 SC tank build: http://www.reefcentral.com/forums/showthread.php?t=2550948 Some have bar tabs. I have a coral tab at my LFS. Life goals. |
04/10/2015, 09:46 PM | #147 | |
Registered Member
Join Date: Jul 2014
Posts: 308
|
Quote:
|
|
04/16/2015, 11:05 AM | #148 |
Registered Member
Join Date: Jan 2005
Location: Lynchburg, Va
Posts: 2,963
|
Not sure if it has anything to do with BRS. I have used my card there recently over the last few weeks. Just got 2 Fraud charges from Salt Life, $705 each. Fraud Protection called me to see if I had made the charges. Looks like they denied it since it hasn't hit my account so far. But, still a pain in the *** to have to cancel the card and wait for a new one.
|
04/16/2015, 01:01 PM | #149 |
Registered Member
Join Date: Jan 2010
Location: Lake of the Ozarks
Posts: 201
|
I got the same thing. A letter, my address but different name.
|
04/16/2015, 01:22 PM | #150 |
Registered Member
Join Date: Nov 2008
Location: Houston, TX
Posts: 10,344
|
I had fraudulent charges back when this first came out, got a new card, and just this weekend I got more fraudulent charges to the new card from two places in the UK.
Not sure which one is related to the BRS event, but yeesh! Craziness. Not to mention a pain in the butt. Luckily my bank catches these things instantly.
__________________
-dennis Elos Diamond 120xl | Elos Stand | Radion G4 Pros | GHL Profilux Controller | LifeReef Skimmer | LifeReef Sump Photos taken with a Nikon D750 or Leica M. |
|
|