BRS Hacked CC data stolen


Leishman

http://www.reef2reef.com/forums/reef-aquarium-discussion/192590-bulkreef-supply-hacked-credit-cards-compromised.html

 

February 18, 2015

We want to express our sincere regret to the customers of Bulk Reef Supply whose personal information was stolen from our website server. BulkReefSupply.com ("BRS") learned of a data security incident caused by an outside hacker intrusion to its website. While we are continuing to investigate this incident, we do know that some customer data for customers who logged into the website from July 30, 2014 until January 30, 2015 may have been compromised.

The outside cyber hacker intrusion was initially discovered on January 21, 2015 and the data compromise was contained and corrected on January 22, 2015. Further corrective action occurred on January 30th. This incident involved the name, address, telephone number, email address/user name, password and credit card information of some customers. The information DID NOT include SSN, personal health information or Fed ID. As a result, the personal information of some customers may have been potentially exposed to others. Please be assured that BRS has taken every step necessary to address the incident, and that we are committed to fully protecting all of the information that you have entrusted to us.

As soon as BRS discovered this potential issue, a forensic expert company was retained and the intrusion was isolated and stopped. Forensic analysis was performed and it was confirmed that the problem was corrected. Besides immediately securing the site and information in question, BRS added additional protections to the locations of the personal information and put monitoring measures in place to ensure this attack has been stopped and will not occur in the future. BRS is confident that the risk of any potential future or ongoing breach has been mitigated. BRS has also notified law enforcement and provided it with all the information about this intrusion.

BRS is encouraging customers to take steps to protect their identity and financial information. Customers affected by this incident will receive written notification from Bulk Reef Supply in the next few days detailing the data which has been compromised and the steps to take to receive credit-monitoring services and other credit-protection services free-of-charge.

You should also change your BRS account password for additional protection.

We sincerely apologize for this incident, regret any inconvenience it may cause you and encourage you to take advantage of the credit-monitoring services and other credit-protection services. Should you have questions or concerns regarding this matter and/or the protections available to you, please do not hesitate to contact us at 763-432-9691.

For general information and best practices on identity theft prevention, click here.


Great.... :mad:

 

thanks for the heads up.

 

Actually I just got the BRS letter in the mail. They do offer a free 1 year Experian ProtectMyID Alert and a password to activate your own account.

 

So it looks like they are doing whatever they can at this point.


I wonder if that's why all my CC's got used in Colorado this year >_<

 

Probably had to do with MACNA ;)


OH RIGHT!

 

It's cool, my Credit Card had a bunch of mysterious charges in Colorado that time of year also. Either of the Aquatic or Hops variety.

 

But back to the subject, I wonder if I should be worried, I only use PayPal for BRS.


Well that sucks but to be honest I'm not even that fazed. Not my first rodeo... I think I get a new card at least twice a year when either I notice or my CC calls to say it's been compromised. Blah.

 

Target hack? Yup did some Christmas shopping there during the exact dates.

 

Home Depot hack? Yup just bought a house and bought tons of stuff during that time period.


People have been complaining about it for months on RF and BRS insisted it was next to impossible and that there was no chance. Looks like they should have taken it seriously much sooner than they did. Nothing is secure, if somebody wants in, they'll get in. 


Both cards I used at BRS were used fraudulently by someone else. It would have been nice to know about this earlier.

Edited by Joshwaggs

Ha. What timing. Just got called from one of the two CC's I used at BRS. They said someone tried running it twice in PA. So new cards on the way...


This could explain the fraudulent PayPal account that was set up using my CC that was also used at BRS in November. PayPal was really good about proactively shutting down the other account and refunding the money back to my CC. I just wish they had done a better job of notifying me... I saw a charge/refund from PayPal a few days after it had posted and had to call in to find out what was going on, then call my CC company for a new card.


Do we know if all customers were affected or only those that store CC info on their website?

It seems like anyone who has a saved account got compromised... I got my letter last night and I don't have any CC's saved, as I only use my PayPal there also.

Changed my password... Hope that's it... Since all they got was my name, address, and the fact that I last ordered in 2013...


I agree that they are handling it really well. Better than I have ever seen a company do. Target, Home Depot, etc. I have a different pwd for every site, but if anyone reused their BRS password somewhere else remember to change that one too.

 

Apparently they weren't storing the passwords encrypted or weren't salting the hash used? Are there details of what was taken and how anywhere other than the form letters which I received too?


I do ecomm for a living and this is exactly why the chips are coming in cards now and the bigger retailers are moving to tokenization. Chips don't help yet for online but the websites really have to do tokenization sooner rather than later. The move can't come fast enough for me.


Got a letter too! Fortunately, I always have a good habit not to keep CC on file when ordering online. But just to be on the safe side, I called my CC company and requested a new CC #.

 

Hopefully one day, we can get a new identity.
