A little over a year ago I had two charges show on my card from an Australian Grocery Store Chain. I had just used the card with an Australian Company for a business related purchase and I accused them of a security breach. With the timing of this hack I may owe them an apology. It was the same card on file with CDN. That card was canceled. I just checked my report online with transunion (GA law allows us two free reports a year) and no damage. The other two will only give free reports through the mail, so I will request them tomorrow. Thanks for the heads up.
A local merchant hosting website service was sent an email 2 years ago saying their system had been breached. The company ignored the email. After all, they had spent millions on equipment and software to prevent such a thing. Another email arrived asking for a $25,000 fee be paid to tell them how they got into the system . Ignored again. Third email contained the credit card numbers of 500 of their clients' customers and asked if they would like a few hundred thousand more. Company called the FBI, Visa, and Mastercard right away. The company spent $200,000 on new servers, controls and cleaning/transferring the database. Visa & M/C notified the banks who notified around 5,000,000 cardholders of the breach (in a non-alarming manner I'm sure). Like the man says, this shlt happens all the time.
Joe
The Philadelphia Mint: making coins since 1792. We make money by making money. Now in our 225th year thanks to no competition.
I got the same letter from the United States Postal Inspection Service about a month ago. I wondered where this Amirsarmad Mirzadehazad got my information. I did a credit report on myself and didn't find anything wrong.
The same thing happened to me. I wondered where the dude got my info from, I guess I know now. I sent off for all three of my credit reports and now have a security flag at all three companies.
...one good thing that came from it... I get a LOT less junk mail now!
BTW, dont waste your money on CC insurance, your only responsible for the first $50. Tell the bank you dont want their card anymore and they will eat the $50 also. Imagine if you were responsible, the banks would have a tough time getting people to sign up!
You can fool man but you can't fool God! He knows why you do what you do!
I was sort of lucky in this mess. This guy was ordering sun glasses sneakers books and other things. He tried to order something from J.C. Penny on-line and when they saw I wanted the order shipped to Pakistan they gave me a phone call. Right after that I called my CC company and had to write several letters over the next 2 months explaining why the charges weren't mine. I had to cancel all my credit cards and get my credit reports and have flags put on my accounts. A real pain. Luckily my credit card company absolved me of all the costs but it could have been a lot worse.
Their actions are reprehensible. I actually considered subscribing, but will never do business with them and spread the word regarding their apathetic attitude in the face of potential fraud. If this is how much they care about their customers, then they can go to hell. My other concern is regarding their need for one's social security #. An excellent point has been raised regarding why a simple subscription necessitates a social security #, I hope they get to read this thread.
Concerning the SSN: The letter from the US Postal Inspection Service said that Social Security Numbers were contained on the hard drive seized. These could have come from numerous sources. What comes to mind right away is employee information along with any person who applied for a line of credit such as a reseller or advertiser. I don't know this for a fact but it is a reasonable assumption. I know in our business that if you are a reseller we request a copy of your tax ID number and if we extend credit we always get a credit application and pull a copy of your report. This information is stored on an isolated machine along with our payroll records and thus not accessible from the net.
All American Coin & Jewlery Co. 6024 N. 9th Ave #5 Pensacola, FL 32504 HTTP://WWW.AACoinCo.Com
I am still in shock as to how rude and apathetic she was on the phone. People like that drive me crazy. You can tell she hates her job and could care less about anyone but her self. ie. " What do you want me to do about it?". Thats the kind of response I expect from an ignoramus.
Additionally, get the phone numbers from the websites and register for the free program that you may have been a potential from identity theft and a fraud altert will be put onto your accounts. -- That means no one can open instant credit using your identity... the down side means you can't either... you'll have to do it the old fashioned way.
Thanks for the heads up all, as I just subscribed (via the web) two days ago... -- That really (*&^&s that CDN didn't inform anyone -- Pete
I received similar correspondence from the postal inspector's office a couple months ago; I don't recall if it was the same database or not, but I did learn a few things.
1. The "fraud alert" is only good in increments of three months - essentially, it only activates a "q&a" whenever credit is applied for. Someone is supposed to call you and query you with info on your report; in other words, no instant credit. However, my wife initiated a credit application jointly, and I was not called. I have about as much confidence in the CRBs as I now do for CDN.
2. Barry, loss of identity entails a bit more than "disputing charges". If someone opens a line of credit using your info, you could very well end up having to start anew, WITH A HISTORY. That is the more significant threat to identity theft. AND NO ONE I've encountered found this process smooth.
3. Generally, one only discovers they have been victimized when they are in the process of some significant purchase activity; try closing on a house only to find that some smuck has racked up a couple of unpaid Platinum lines of credit. Your lender will tell you to come back when it's straightened out. Ya' think that is going to be as simple as disputing charges? No, you have to prove YOU didn't use the credit and then you have to TRY and live with your credit profile for the next 11 years OR, get a new profile - surely you remember your first few credit applications.
Also very shortsighted. They admit they knew about the hack, and that they didn't notify anyone. They've just made themselves liable for any lawsuits that anyone who is damaged by this cares to file.
One thing about fraud alerts, at least with TransUnion. It's up to the person pulling the credit to recognize and do something about the consumer statements. Except in some California situations which will actually prevent the report from being transmitted electronically and requires a phone call to obtain details.
Shane Downing of the CDN just called me and he said "Only 200 names or so were stolen from his database" and "The Postal Inspection Service contacted all the people." I suggested that he get on the bords and explain this himself and i also suggested that he call all of the people who had there data taken and let them know personally.
All American Coin & Jewlery Co. 6024 N. 9th Ave #5 Pensacola, FL 32504 HTTP://WWW.AACoinCo.Com
My CC info was on their website......just canceled it and had a new one re-issued. I can't believe that CDN didn't take the "high road" on this and make their customers aware of the situation.....and if truely only 200 hundred customers WHY didn't they notify them ?? Without a doubt the professional thing to do........
My response to Shane was that if it had happened to my company on our website i would have personally called each and ever customer and had a personal talk with them to assure them we did everything possible and to let them know we would do whatever it took to make it right with the customer. We are if nothing else in a customer friendly business and the customer can make or break us. I know that and so should all business owners.
All American Coin & Jewlery Co. 6024 N. 9th Ave #5 Pensacola, FL 32504 HTTP://WWW.AACoinCo.Com
I spoke with Shane, also. This is what he related to me:
On May 5, 2001 our web-site was defaced along with thousands of other businesses. That same day we corrected the security flaw in Microsoft's web server software. The next day we informed the FBI of the intrusion. Two months ago we were notified by the Postal Inspector that they had a suspect in custody that admitted to stealing a file from our server that contained a few hundred names, addresses and credit card information. The postal inspector notified everyone on the file alerting them to the situation. The file did not contain date of birth or social security numbers.
PNG member, numismatic dealer since 1965. Operates a retail store, also has exhibited at over 1000 shows. I firmly believe in numismatics as the world's greatest hobby, but recognize that this is a luxury and without collectors, we can all spend/melt our collections/inventories.
Am I to conclude that if you haven't received a notification letter from the post office AND have not noticed any funky activity on your credit card since 7 May of '01, that you have nothing to worry about?
In the future, when I buy the Sheets at shows, I will pay in cash.
"Vou invadir o Nordeste, "Seu cabra da peste, "Sou Mangueira......."
<< <i>That the postal inspection service had taken care of notifying the people involved. >>
Given Shane's "version" of the dates, it took our stealth inspectors 31 months to apprehend the culprit and then finally notify the CC holders of the breach.
CDN's inaction was wholly irresponsible....PERIOD!
I am surprised no one is condemning the perpetrator!
Anyone's site can be hacked. Anyone's. Most of the time it is probably an inside job.
A major part of cyber crime is the prosecution is nonexistant or too easy. Just saw a case on the news last Sunday where a woman stole multiple identities and stole over $500,000 in goods and services over a 9 month period. She was tried and convicted to.......3 months PROBATION!
We don't need more laws we need enforcement of the laws on the books today. If someone is down and out, has little good judgement and is impulsive, why not risk 3 months jail time to gain hundreds of thousands with a hihg probability of not getting caught? Crimminals know the odds of capture are slim and the penalties light, hence, the widespread nature of this crime.
I agree with Obaby. There is a very simple reason why the USA has more crime than a whole bunch of other countries. We can't muster the guts to hand out the appropriate punishment!! IMO.
Comments
edited: to corect speeling
Joe
The same thing happened to me. I wondered where the dude got my info from, I guess I know now. I sent off for all three of my credit reports and now have a security flag at all three companies.
...one good thing that came from it... I get a LOT less junk mail now!
David
CDN needs to fess up and apologize at the least.
09/07/2006
My other concern is regarding their need for one's social security #. An excellent point has been raised regarding why a simple subscription necessitates a social security #, I hope they get to read this thread.
6024 N. 9th Ave #5
Pensacola, FL 32504
HTTP://WWW.AACoinCo.Com
You can tell she hates her job and could care less about anyone but her self.
ie. " What do you want me to do about it?". Thats the kind of response I expect from an ignoramus.
www.experian.com
www.transunion.com
Additionally, get the phone numbers from the websites and register for the free program that you may have been a potential from identity theft and a fraud altert will be put onto your accounts. -- That means no one can open instant credit using your identity... the down side means you can't either... you'll have to do it the old fashioned way.
Thanks for the heads up all, as I just subscribed (via the web) two days ago... -- That really (*&^&s that CDN didn't inform anyone
1. The "fraud alert" is only good in increments of three months - essentially, it only activates a "q&a" whenever credit is applied for. Someone is supposed to call you and query you with info on your report; in other words, no instant credit. However, my wife initiated a credit application jointly, and I was not called. I have about as much confidence in the CRBs as I now do for CDN.
2. Barry, loss of identity entails a bit more than "disputing charges". If someone opens a line of credit using your info, you could very well end up having to start anew, WITH A HISTORY. That is the more significant threat to identity theft. AND NO ONE I've encountered found this process smooth.
3. Generally, one only discovers they have been victimized when they are in the process of some significant purchase activity; try closing on a house only to find that some smuck has racked up a couple of unpaid Platinum lines of credit. Your lender will tell you to come back when it's straightened out. Ya' think that is going to be as simple as disputing charges? No, you have to prove YOU didn't use the credit and then you have to TRY and live with your credit profile for the next 11 years OR, get a new profile - surely you remember your first few credit applications.
<< <i>Their actions are reprehensible. >>
Also very shortsighted. They admit they knew about the hack, and that they didn't notify anyone. They've just made themselves liable for any lawsuits that anyone who is damaged by this cares to file.
6024 N. 9th Ave #5
Pensacola, FL 32504
HTTP://WWW.AACoinCo.Com
My CC info was on their website......just canceled it
and had a new one re-issued. I can't believe that CDN
didn't take the "high road" on this and make their customers
aware of the situation.....and if truely only 200 hundred
customers WHY didn't they notify them ?? Without a doubt
the professional thing to do........
Check out my PQ selection of Morgan & Peace Dollars, and more at:
WWW.PQDOLLARS.COM or WWW.GILBERTCOINS.COM
6024 N. 9th Ave #5
Pensacola, FL 32504
HTTP://WWW.AACoinCo.Com
6024 N. 9th Ave #5
Pensacola, FL 32504
HTTP://WWW.AACoinCo.Com
On May 5, 2001 our web-site was defaced along with thousands of other businesses. That same day we corrected the security flaw in Microsoft's web server software. The next day we informed the FBI of the intrusion. Two months ago we were notified by the Postal Inspector that they had a suspect in custody that admitted to stealing a file from our server that contained a few hundred names, addresses and credit card information. The postal inspector notified everyone on the file alerting them to the situation. The file did not contain date of birth or social security numbers.
<FONT size=2>http://www.cnn.com/2001/TECH/internet/05/07/brazilian.hacks.idg/index.html</FONT><FONT face=Arial color=#808080>
<DIV><FONT size=2>http://www.cnn.com/2001/TECH/internet/05/14/hacking.targets.idg/index.html</FONT></DIV>
<DIV><FONT size=2></FONT> </DIV>
<DIV><FONT size=2>http://www.cnn.com/2001/TECH/internet/05/11/china.cyberwar.idg/index.html</FONT></DIV>
<DIV><FONT size=2></FONT> </DIV>
<DIV><FONT size=2>http://www.cnn.com/2001/WORLD/asiapcf/east/05/03/china.hack/index.html</FONT></DIV></FONT>
I firmly believe in numismatics as the world's greatest hobby, but recognize that this is a luxury and without collectors, we can all spend/melt our collections/inventories.
eBaystore
<< <i>That the postal inspection service had taken care of notifying the people involved. >>
Yes, but that was over 2 years after CDN became aware of the theft. That isn't an explanation.
In the future, when I buy the Sheets at shows, I will pay in cash.
"Seu cabra da peste,
"Sou Mangueira......."
<< <i>That the postal inspection service had taken care of notifying the people involved. >>
Given Shane's "version" of the dates, it took our stealth inspectors 31 months to apprehend the culprit and then finally notify the CC holders of the breach.
CDN's inaction was wholly irresponsible....PERIOD!
Anyone's site can be hacked. Anyone's. Most of the time it is probably an inside job.
A major part of cyber crime is the prosecution is nonexistant or too easy. Just saw a case on the news last Sunday where a woman stole multiple identities and stole over $500,000 in goods and services over a 9 month period. She was tried and convicted to.......3 months PROBATION!
We don't need more laws we need enforcement of the laws on the books today. If someone is down and out, has little good judgement and is impulsive, why not risk 3 months jail time to gain hundreds of thousands with a hihg probability of not getting caught? Crimminals know the odds of capture are slim and the penalties light, hence, the widespread nature of this crime.