Leishman February 19, 2015 http://www.reef2reef.com/forums/reef-aquarium-discussion/192590-bulkreef-supply-hacked-credit-cards-compromised.html February 18, 2015 We want to express our sincere regret to the customers of Bulk Reef Supply whose personal information was stolen from our website server. BulkReefSupply.com ("BRS") learned of a data security incident caused by an outside hacker intrusion to its website. While we are continuing to investigate this incident, we do know that some customer data for customers who logged into the website from July 30, 2014 until January 30, 2015 may have been compromised. The outside cyber hacker intrusion was initially discovered on January 21, 2015 and the data compromise was contained and corrected on January 22, 2015. Further corrective action occurred on January 30th. This incident involved the name, address, telephone number, email address/user name, password and credit card information of some customers. The information DID NOT include SSN, personal health information or Fed ID. As a result, the personal information of some customers may have been potentially exposed to others. Please be assured that BRS has taken every step necessary to address the incident, and that we are committed to fully protecting all of the information that you have entrusted to us. As soon as BRS discovered this potential issue, a forensic expert company was retained and the intrusion was isolated and stopped. Forensic analysis was performed and it was confirmed that the problem was corrected. Besides immediately securing the site and information in question, BRS added additional protections to the locations of the personal information and put monitoring measures in place to ensure this attack has been stopped and will not occur in the future. BRS is confident that the risk of any potential future or ongoing breach has been mitigated.
BRS has also notified law enforcement and provided it with all the information about this intrusion. BRS is encouraging customers to take steps to protect their identity and financial information. Customers affected by this incident will receive written notification from Bulk Reef Supply in the next few days detailing the data which has been compromised and the steps to take to receive credit-monitoring services and other credit-protection services free-of-charge. You should also change your BRS account password for additional protection. We sincerely apologize for this incident, regret any inconvenience it may cause you and encourage you to take advantage of the credit-monitoring services and other credit-protection services. Should you have questions or concerns regarding this matter and/or the protections available to you, please do not hesitate to contact us at 763-432-9691. For general information and best practices on identity theft prevention, click here.
DuffyGeos February 19, 2015 Great.... thanks for the heads up. Actually I just got the BRS letter in the mail. They do offer a free 1 year Experian ProtectMyID Alert and a password to activate your own account. So it looks like they are doing whatever they can at this point.
Happyfeet February 19, 2015 I wonder if that's why all my CC's got used in Colorado this year >_<
YHSublime February 19, 2015 I wonder if that's why all my CC's got used in Colorado this year >_< Probably had to do with MACNA
YHSublime February 19, 2015 OH RIGHT! It's cool, my Credit Card had a bunch of mysterious charges in Colorado that time of year also. Either of the Aquatic or Hops variety. But back to the subject, I wonder if I should be worried, I only use PayPal for BRS.
wangspeed February 19, 2015 PayPal only for me as well. Need to change my BRS password though. I also use throwaway email accounts for most sites. -- Warren
WilRams February 19, 2015 Well that sucks but to be honest I'm not even that fazed. Not my first rodeo...I think I get a new card at least twice a year when either I notice or my CC calls to say it's been compromised. Blah. Target hack? Yup did some Christmas shopping there during the exact dates. Home Depot hack? Yup just bought a house and bought tons of stuff during that time period.
madweazl February 19, 2015 People have been complaining about it for months on RF and BRS insisted it was next to impossible and that there was no chance. Looks like they should have taken it seriously much sooner than they did. Nothing is secure, if somebody wants in, they'll get in.
Joshwaggs February 19, 2015 Both cards I used at BRS were used fraudulently by someone else. It would have been nice to know about this earlier. Edited February 19, 2015 by Joshwaggs
WilRams February 20, 2015 Ha. What timing. Just got called from one of the two CC's I used at BRS. They said someone tried running it twice in PA. So new cards on the way...
s2nhle February 20, 2015 I just got a letter from BRS also. Let me check my CC for any fraud.
bqq100 February 20, 2015 This could explain the fraudulent PayPal account that was set up using my CC that was also used at BRS in November. PayPal was really good about pro-actively shutting down the other account and refunding the money back to my CC. I just wish they had done a better job of notifying me... I saw a charge/refund from PayPal a few days after it had posted and had to call in to find out what was going on, then call my CC company for a new card.
Neto February 20, 2015 Do we know if all customers were affected or only those that store cc info on their website? Sent from my iPhone using Tapatalk
smallreef February 20, 2015 Do we know if all customers were affected or only those that store cc info on their website? Sent from my iPhone using Tapatalk It seems like anyone who has a saved account got compromised... I got my letter last night and I don't have any CC's saved, as I only use my PayPal there also. Changed my password .... Hope that's it... Since all they got was my name, address, and the fact that I last ordered in 2013....
sen5241b February 20, 2015 I do IT security for a living. They seemed to have handled the incident well.
ridetheducati February 20, 2015 Do we know if all customers were affected or only those that store cc info on their website? Sent from my iPhone using Tapatalk I can send you the complete list. Jk
AlanM February 21, 2015 I agree that they are handling it really well. Better than I have ever seen a company do. Target, Home Depot, etc. I have a different pwd for every site, but if anyone reused their BRS password somewhere else remember to change that one too. Apparently they weren't storing the passwords encrypted or weren't salting the hash used? Are there details of what was taken and how anywhere other than the form letters which I received too?
Brian Ward February 21, 2015 I do ecomm for a living and this is exactly why the chips are coming in cards now and the bigger retailers are moving to tokenization. Chips don't help yet for online but the websites really have to do tokenization sooner rather than later. The move can't come fast enough for me.
flooddc February 21, 2015 Got a letter too! Fortunately, I always have a good habit not to keep CC on file when ordering online. But just to be on the safe side, I called my CC company and requested a new CC #. Hopefully one day, we can get a new identity.