Bulk Reef Supply Security Breach

[Jone]

I just got a notice that Bulk Reef Supply had a security breach,,this is for time period of July 30,2014 -January 21,2015..
I have already got an Early Warning from my credit card company this past Monday of fraud activity on my credit card..
I can assume this is were it is coming from ..
SO INVESTIGATE YOUR PURCHASES WITH BRS NOW.......

[TAZ_67]

Good to know.

I got hacked 2 weeks ago on a card that I had used with them. I was wondering what transaction was breached. I am not saying for certain it was BRS but the timing is right. Whomever stole the info hit the card for a small amount then cleaned it out via Western union cash transfers. I caught it within minutes and was on the phone with the bank within 5 minutes and they took care of it.

[soulpatch]

well after months of denying it I guess they finally came about and owned up to it.

I just bought something from them the other night and used a CC through paypal so hopefully this doesnt bite me. Thankfully banks are much better dealing with fraud these days.

[MarksReef]

Who did you get the notice from? I've been hacked twice and made a few orders from them during that time.
Did they send it to you?

[mnkykng77]

I had some fraud activity going on with my last CC and couldn't figure how they got my info, but this explains it now.

[gone fishin]

I had some people in Turkey use my card for 3k right after Thanksgiving. I only use the card at BRS and DR's F&S. My card company caught it since the charges were originating in Turkey. I called both places and got a thank you we will look into it.

[soulpatch]

Quote:

Originally Posted by mnkykng77

I had some fraud activity going on with my last CC and couldn't figure how they got my info, but this explains it now.

You would be amazed at how easy it is to get CC info if you do any online shopping. Many sites all use the same security like Verisign which is now not really secure like it used to be.

[Ramble On Rose]

http://www.bulkreefsupply.com/security-update

[MarksReef]

Quote:

Originally Posted by Ramble On Rose

http://www.bulkreefsupply.com/security-update

Thank you

[MondoBongo]

Quote:

Originally Posted by soulpatch

You would be amazed at how easy it is to get CC info if you do any online shopping. Many sites all use the same security like Verisign which is now not really secure like it used to be.

sadly true.

i wonder how this data was compromised. i don't store my credit card with BRS (makes it waaaaaaay to easy to buy things, much harder to impulsively order loads of stuff if i have to actually get up off my butt and go find my debit card), hopefully my information wasn't breached. it would be the third time in two years that i've had my information stolen.

first time was from using my debit card at a local franchise of a sub shop, second time was my employer at the time getting hacked.

quantum encryption can't come to mainstream use soon enough.

[soulpatch]

Quote:

Originally Posted by MondoBongo

sadly true.

i wonder how this data was compromised. i don't store my credit card with BRS (makes it waaaaaaay to easy to buy things, much harder to impulsively order loads of stuff if i have to actually get up off my butt and go find my debit card), hopefully my information wasn't breached. it would be the third time in two years that i've had my information stolen.

first time was from using my debit card at a local franchise of a sub shop, second time was my employer at the time getting hacked.

quantum encryption can't come to mainstream use soon enough.

whether you store it with them or not it is stored on their transaction history logs. I worked in retail before coming to the banking side of things which gives me an odd insight into the lackluster security in the US for our CC.

Also since I was more on the marketing side in retail it is horrifying to many people what levels of data I can gather about you.

The encryption and such will be great to guard your personal info but the CC info should be better protected by some of the upcoming token tech and the newer cards being released.

[Gashauler]

Wow...just ordered some stuff from BRS a few days ago. Fingers crossed!!!

[d2mini]

My card was recently replaced by my bank as well.

[Kenmx10]

Ive had my card replaced by my bank three times in the last 6 months due to security breeches. One was at Lowes. All three were at retail stores and not online. I check my account every day for fraudulent charges, but haven't had any, Yet.

[MondoBongo]

Quote:

Originally Posted by soulpatch

whether you store it with them or not it is stored on their transaction history logs. I worked in retail before coming to the banking side of things which gives me an odd insight into the lackluster security in the US for our CC.

Also since I was more on the marketing side in retail it is horrifying to many people what levels of data I can gather about you.

The encryption and such will be great to guard your personal info but the CC info should be better protected by some of the upcoming token tech and the newer cards being released.

if they're PCI-DSS compliant they shouldn't be storing any of that information unless explicitly selected. they also shouldn't be storing the CVV2 number on the back of the card (unless the regs have changed on that).

if they're authing a card not present transaction over a network, typically they just encrypt and send the info and get back a confirmation code from the processor. no need to store anything in that scenario.

[pelphrey]

Bad news that is happened. But on the plus side BRS issued a statement regarding the event that took place. And in my eyes that says a lot. It is a rather large window that was compromised. Its a double edge sword. No company wants this to happen, but when it does the smart companies rebuilt their security!

[dendrite]

Three cards , American express, discover and mastercard, hacked within three weeks. A 100 dollar charge at a Subway in Ca., 500 dollar charge at a PF Chang in NY, and a 1000 dollar charge at a London hotel. It has become epidemic but the card companies were on it within an hour calling me, texting and e-mailing me. Just a word to the wise and tell your card companies if you're leaving town and where you are going otherwise you may find that your hotel charges will be rejected.

[toomany]

I had two new charges on my account this morning when I checked it, this may explain it. Will be calling the bank in the morning.

[christopherjudd]

Oh wow. Not good most of my recent purchase was through my paypal but one...

[drew2007]

I've had my credit card number stolen recently also. They tried to use it to buy $11,000 worth of art from a gallery in California which my bank didn't approve but they got away with $550 worth of Amc theater movie tickets. I've placed a few orders with BRS in that time frame also.

[cakemanPA]

I use BRS quite often, but I always use PayPal. I have not been a victim of fraud... YET. My health insurer got hacked and so has BRS. I did the freecreditreport. Not really free anymore. Check and make sure there are no new inquiries.

[rfgonzo]

It happened to me 2 weeks ago, but my bank stopped it and canceled my card.

[soulpatch]

Quote:

Originally Posted by MondoBongo

if they're PCI-DSS compliant they shouldn't be storing any of that information unless explicitly selected. they also shouldn't be storing the CVV2 number on the back of the card (unless the regs have changed on that).

if they're authing a card not present transaction over a network, typically they just encrypt and send the info and get back a confirmation code from the processor. no need to store anything in that scenario.

You can be compliant and still storing credit card data. It has to be stored in another DB with no query logic allowed to be run against it. When one does want to do inquiry then there is a paperwork trail to pull data. No CVV2 data is stored as it is not needed. Unless cleared all data is encrypted so you couldnt tell the card number anyway. Even when cleared the card numbers are given a unique masked value so while I can use the key and track the same credit card I am not actually using that card number.



As to guarding the consumer the US has some significant changes coming. If you are in Europe or using a few of the upper cards in the US you are familiar with the signature chip cards. Soon they will also require signature pin cards.

Basically this year the banks will be reissuing cards with a chip in them. The card is inserted at the register instead of being swiped so that it can read the chip and confirm it is in fact your card. It is more secure then current mag strips. The pin adds an additional layer and that should be coming online the end of this year.

The key part of the legislation though is that it changes liability from the bank to the retailer. If the retailer does not update their systems then they are liable for the fraud which should put more emphasis on stores checking IDs and other security measures to cover themselves. It might mean a few more seconds in line for us all but the added security will save a ton of headaches in this day and age of hackers.

Better yet is the rise of items like apple pay that simply submit a random token to the store instead of your actual card. Samsung has their own system coming out this year too as they just acquired a company to aid in their development.

Sad to say but we are in an age of digital crime and it will get worse for a while with these breaches.

[MidwesternTexan]

As I sit here at work, I wonder why everyone can't just do honest work anymore?

Why so many have to 'cheat,game' the system?

What's funnier, is that it happens so often, that usually unless it's at least a 5K loss,
they don';t even investigate it. Is that funny or what?

[murdock84]

I'd have to say in the last year and a half I was involved in this type of issue with Home Depot, Target, our works payroll company and now BRS. Too many people want stuff for free and that is why it's hard to find honest people anymore.