Home U.S. Coin Forum

Heritage Auctions followup Oct. 21 (official)

Our Email and phone systems are fully operational, and we expect the website to be up soon.

We have confirmed that we were the victim of a malware attack. We have no evidence and no reason to believe that there was any unauthorized acquisition of any client or company data. Additionally, client financial information such as credit card numbers and bank account information is maintained and secured by the payment provider. Further, all HA.com passwords are encrypted.

All currently affected auctions will be extended or rescheduled, with revised schedules posted once HA.com returns to service.

Sincerely,

Stewart Huckaby
mailto:stewarth@HA.com
------------------------------------------
Heritage Auctions
Heritage Auctions

2801 W. Airport Freeway

Dallas, Texas 75261

Phone: 1-800-US-COINS, x1355
Heritage Auctions
Tagged:

Comments

  • TomBTomB Posts: 21,323 ✭✭✭✭✭

    This reads as though it is the best case scenario to an awful situation. I hope you are successful and also hope no one has their information compromised.

    Thomas Bush Numismatics & Numismatic Photography

    In honor of the memory of Cpl. Michael E. Thompson

    image
  • jmlanzafjmlanzaf Posts: 34,558 ✭✭✭✭✭

    I look forward to lustily bidding soon

  • BoosibriBoosibri Posts: 12,138 ✭✭✭✭✭

    Thanks for keeping us informed!

  • CoinstartledCoinstartled Posts: 10,135 ✭✭✭✭✭

    Good news. Looking forward to the next coin auction.

  • messydeskmessydesk Posts: 20,003 ✭✭✭✭✭

    Thanks for keeping us posted.

  • alefzeroalefzero Posts: 977 ✭✭✭✭✭

    Excellent news to what could have been disastrous. Thanks for the update!

  • TrazTraz Posts: 377 ✭✭✭✭

    Having “no evidence” does not mean nothing was stolen. Until we get an answer as to what type of attack it’s always safe to assume your information was stolen. This wasn’t done for fun.

  • scubafuelscubafuel Posts: 1,868 ✭✭✭✭✭

    The fact that whatever it was crashed out the site/database is actually a sign that the goal might not have been stealing data. Data thefts are generally done as quietly as possible, for obvious reasons. That’s why so many companies end up saying “we just realized someone breached our servers two years ago...”

  • kuwegg57kuwegg57 Posts: 107 ✭✭✭

    I won a coin on Friday. I wonder if I'm still the winner?

  • keetskeets Posts: 25,351 ✭✭✭✭✭

    Our Email and phone systems are fully operational, and we expect the website to be up soon --- October 21, 2019 6:21PM.

    please define"up soon" as used in the OP. we are now in Day 5 and this seems pretty serious. my thoughts are that the entire problem is being minimized by Heritage for obvious reasons. perhaps there should be something in place for customers to disable/delete there current account and start fresh.

  • jmlanzafjmlanzaf Posts: 34,558 ✭✭✭✭✭

    @keets said:
    Our Email and phone systems are fully operational, and we expect the website to be up soon --- October 21, 2019 6:21PM.

    please define"up soon" as used in the OP. we are now in Day 5 and this seems pretty serious. my thoughts are that the entire problem is being minimized by Heritage for obvious reasons. perhaps there should be something in place for customers to disable/delete there current account and start fresh.

    Changing passwords when they come back should be sufficient. As long as the financial information was, as they say, on a separate site, there really shouldn't be a problem.

  • messydeskmessydesk Posts: 20,003 ✭✭✭✭✭

    @keets said:
    Our Email and phone systems are fully operational, and we expect the website to be up soon --- October 21, 2019 6:21PM.

    please define"up soon" as used in the OP. we are now in Day 5 and this seems pretty serious. my thoughts are that the entire problem is being minimized by Heritage for obvious reasons. perhaps there should be something in place for customers to disable/delete there current account and start fresh.

    I'd rather they take their time conducting a thorough root cause analysis, be rigorous about fixing it, and carry out thorough testing, including scheduling "ethical hacking," than hurry something along. Whenever they say that everything is fine, they have to be right.

  • keetskeets Posts: 25,351 ✭✭✭✭✭

    John, didn't they sort of say that with the OP??

  • messydeskmessydesk Posts: 20,003 ✭✭✭✭✭

    @keets said:
    John, didn't they sort of say that with the OP??

    Sort of. They said what happened, but didn't disclose how it happened and why it wasn't prevented, nor would I expect them to in this case.

  • tommy44tommy44 Posts: 2,291 ✭✭✭✭✭

    Hummmm, interesting that I got a email from Heritage on October 2nd stating that the credit card I had on file was expiring 11/1/2019. It's a credit card I no longer use and it was cancelled about a year ago so I ignored the message figuring I would use a new card on my next purchase. I wonder if that email had anything to do with the attack.

    it's crackers to slip a rozzer the dropsy in snide

  • HemisphericalHemispherical Posts: 9,370 ✭✭✭✭✭

    @jmlanzaf said:

    @keets said:
    Our Email and phone systems are fully operational, and we expect the website to be up soon --- October 21, 2019 6:21PM.

    please define"up soon" as used in the OP. we are now in Day 5 and this seems pretty serious. my thoughts are that the entire problem is being minimized by Heritage for obvious reasons. perhaps there should be something in place for customers to disable/delete there current account and start fresh.

    Changing passwords when they come back should be sufficient. As long as the financial information was, as they say, on a separate site, there really shouldn't be a problem.

    Did a double take and had to wonder why? (about the phone)

    Then realization hit! Internet phone.

    Checking my ol’ fashioned landline. ;)

    Still got a dial tone. :D

  • ZoinsZoins Posts: 34,291 ✭✭✭✭✭

    @kuwegg57 said:
    I won a coin on Friday. I wonder if I'm still the winner?

    Let us know :)

  • emeraldATVemeraldATV Posts: 4,631 ✭✭✭✭✭

    Well, insn't that special !
    Thank You, for the update.
    I was just worried about your PR, which seems to be in order.
    But what do I know. Cool .

  • kuwegg57kuwegg57 Posts: 107 ✭✭✭

    Heritage website back online. I'm still the winner of the coin. Just waiting for the invoice.

Leave a Comment

BoldItalicStrikethroughOrdered listUnordered list
Emoji
Image
Align leftAlign centerAlign rightToggle HTML viewToggle full pageToggle lights
Drop image/file