Important Statement From Midwest Supplies

Everyone who is saying they won't be ordering from Midwest again, take the time to send them a message on their site requesting they delete your account and personal information and tell them why. Quietly never buying from them again doesn't send a message, literally sending a message does.
 
Everyone who is saying they won't be ordering from Midwest again, take the time to send them a message on their site requesting they delete your account and personal information and tell them why. Quietly never buying from them again doesn't send a message, literally sending a message does.

This.
 
They've explained this. The first time you enter your info the processing center creates a token and the token is stored with MW. From then on, the token is sent to the processing center.... they know what credit card it represents and use it.

From my understanding, if someone else were to obtain the token they wouldn't be able to use it because the token is only acceptable for use between MW and their processor.

This would still only prevent theft if:

a) it's true
b) no one entered new cards while the system was compromised.

A couple other people here have observed that PCI compliance won't stop credit card theft and they're right. If there is credit card info being sent to a server, it CAN be recorded. If the server is compromised, you can bet that's what is happening.

Once again, there is no way to stop payment details from being recorded if the machine that accepts them from the customer gets hacked. You can only make it less likely by keeping your system up to date, enforcing sensible security policies, and auditing outbound communication. Real security involves a combination of merchant security and creditor-level fraud protection.
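
An added sketch, not part of any post in this thread and not Midwest's or any processor's real code, of the token scheme described above: it shows a copied token being refused when another party presents it, and a newly entered card still passing through the shop's server. The `Processor` and `Merchant` classes, the HMAC request signing and the card number are all constructed assumptions.

```python
import hashlib
import hmac
import secrets

TEST_PAN = "4111111111111111"  # constructed test number, not a real card

def sign(key, payload):
    """HMAC a request so the processor can tell which merchant sent it."""
    return hmac.new(key, payload.encode(), hashlib.sha256).hexdigest()

class Processor:
    """Hypothetical processor: holds the real card numbers and the token map."""
    def __init__(self):
        self._keys = {}    # merchant_id -> shared secret
        self._vault = {}   # token -> (merchant_id, PAN)

    def enroll(self, merchant_id):
        self._keys[merchant_id] = secrets.token_bytes(32)
        return self._keys[merchant_id]

    def _authentic(self, merchant_id, payload, sig):
        key = self._keys.get(merchant_id)
        return key is not None and hmac.compare_digest(sign(key, payload), sig)

    def tokenize(self, merchant_id, pan, sig):
        if not self._authentic(merchant_id, pan, sig):
            raise PermissionError("unknown merchant or bad signature")
        token = "tok_" + secrets.token_hex(16)   # random, not derived from the PAN
        self._vault[token] = (merchant_id, pan)
        return token

    def charge(self, merchant_id, token, cents, sig):
        if not self._authentic(merchant_id, f"{token}:{cents}", sig):
            return "declined: bad signature"
        owner, pan = self._vault.get(token, (None, None))
        if owner != merchant_id:
            return "declined: token not issued to this merchant"
        return f"approved: card ending {pan[-4:]}"

class Merchant:
    """Hypothetical shop server: stores tokens, but sees a new card once."""
    def __init__(self, merchant_id, processor):
        self.id, self.processor = merchant_id, processor
        self.key = processor.enroll(merchant_id)
        self.db = {}           # customer -> token (all that is stored at rest)
        self.in_transit = []   # card data that passed through this server

    def first_purchase(self, customer, pan):
        self.in_transit.append(pan)   # exposure point (b): new card on a compromised host
        self.db[customer] = self.processor.tokenize(self.id, pan, sign(self.key, pan))

    def repeat_purchase(self, customer, cents):
        token = self.db[customer]
        sig = sign(self.key, f"{token}:{cents}")
        return self.processor.charge(self.id, token, cents, sig)

def demo():
    proc = Processor()
    shop, other = Merchant("shop", proc), Merchant("other", proc)
    shop.first_purchase("alice", TEST_PAN)
    token = shop.db["alice"]
    replay = proc.charge(other.id, token, 2500, sign(other.key, f"{token}:2500"))
    return {"legit": shop.repeat_purchase("alice", 2500), "replay": replay,
            "at_rest": list(shop.db.values()), "in_transit": shop.in_transit}
```

The shop's database holds only the token, so a copy of it alone yields no card number; the `in_transit` list is the part that stays exposed while the accepting server is compromised.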
 
Once again, this is why I use PayPal whenever a site offers it. Midwest does... more recourse for me & no hacked cards.

Honestly I wouldn't.

Paypal is notorious for stealing people's money and always siding with the merchant when there is a dispute.

Just google about it, there are cases of Paypal locking down Fundraiser/Charity accounts for months on end because of "Fraud". Yet no one you can call or talk to will tell you anything about what is going on. Paypal is *NOT* a bank in the United States, and they do not have to follow any of the government regulations regarding how banks have to operate when there is fraud. They can (and do) just lock your account and there is nothing you can do. Many people have lost thousands of dollars because of this.

Granted there is a difference between storing money with Paypal and just using them to access your bank accounts, but regardless their history in terms of customer support is mediocre at best. Some of the things they've done are far worse than Midwest could ever do.

If you use one of the big banks like BoA google about one time use VISA cards.

You can basically generate a new Credit card number, push an exact amount of money to it for your purchase and then pay with it. The card number is then usually destroyed.
 
Everyone who is saying they won't be ordering from Midwest again, take the time to send them a message on their site requesting they delete your account and personal information and tell them why. Quietly never buying from them again doesn't send a message, literally sending a message does.
Done, even though my account doesn't appear to have been hacked. (yet)
 
So I have read the whole thread and at some point I realized that my wife had said that she got a call from the bank (that we rarely use that has just a small balance) that someone was trying to use that acct, now it could just be a coincidence but she had made a purchase from MW sometime last year. If it's not then I can assume that any purchase that has been made the info could have possibly been stolen. I sort of dismissed the card thing until I read this thread. Again it could have been just a coincidence or could it?
 
Got a letter in the mail today. Checked over last month's statement and had 3 charges from Walmart.com over 2 days for the same amount. Guess I'll chalk that up to credit card fraud. Awesome.
 
My account was hacked. Fortunately my card service noticed the odd transactions and called me personally to confirm- so I got lucky and was not responsible for those charges. If I hadn't been so lucky $25 would not have compensated me. I told MWS "from one homebrewer to another" the way they handled this is absolutely pathetic and to delete my account and info. No brewer waits months to address a problem of this magnitude.

FWIW: Tonight I will drink to any brewers who were stolen from. May you find swift compensation- Financial or psychological!
 
Got a letter in the mail today. Checked over last month's statement and had 3 charges from Walmart.com over 2 days for the same amount. Guess I'll chalk that up to credit card fraud. Awesome.

I had one charge from Walmart.com also. I caught it in time and they were able to refund the money to my account. I still haven't received a letter from Midwest, but I have received two catalogs since the incident happened.

:confused:
 
Bought from MW once, = fraudulent charges

consequently will never buy from MW (or it seems NB) again
 
Found this gem of a news article about it from Esecurityplanet.com: http://www.esecurityplanet.com/network-security/midwest-supplies-suffers-data-breach.html

Love the commentary at the end:
It's not clear how the site was breached, what was done to resolve the situation, or what steps were taken to improve security for the future -- and no identity theft protection is being offered to affected customers -- instead, they're advised to monitor their credit card statements for unusual charges.

A couple of more articles if interested:
http://www.bizjournals.com/twinciti...09/hackers-strike-minnesota-home-brewing.html

http://www.scmagazine.com/home-brew...bsite-cracked-open-by-hackers/article/309556/
 
This may not be related at all but in March I had 2 charges at Walmart.com that I thought was my wife but she says it wasn't. We have separate accounts so she would remember using my card...a couple weeks later I had a new card in the mail with a statement saying my acct had been compromised and "several" attempts made to fraud the acct. I made my 1 and only purchase from MWH last fall....
 
I received my letter today. My card was compromised for many hundreds.. and like everyone else, I'm ready to grab my pitchfork and head over there.

I've attached the letter if anyone's curious... and what a joke it is. They even have the balls to refer you to credit monitoring agencies without any reimbursement if you've already used your "one free report".

I'm local and have always had love/hate relationship with them, and have always suspected poor management due to their constant screw-ups and the terrible staff they hire that never knows anything & gives the worst advice (there are a couple good ones).

The only reason I've loved them in the past is because they regularly mark the wrong price on things and don't know what they're doing... i.e. selling ball locks in their store at $34 by accident (that was sweet), sending me a keg in the mail when I didn't even order one (even sweeter), giving me a new regulator for free because my old one had an issue, and the list goes on.

My guess for the reason Midwest is using the July 19th date is because that is probably the date they notified the major credit card companies about the breach. Part of PCI rules states that a company can be fined $100,000 for every day that they fail to report a known "potential breach" to the processors.

What further upsets me about this Attorney General letter is that only customers between June 13th and July 19th were confirmed compromised. My affected purchase was made in April but card was not charged until that week in July when a lot of you were hit with the same fraudulent charges. Again, the credit card processors can fine up to $100,000 per month that a breach goes uncured. I guess admitting to the February to June breach doesn't fit the company budget.

Interesting, but this isn't the case with my letter which states "May 4, 2013". The part that's really interesting is the card that was compromised was used with them only in 2012, and not any later.

All in all, this latest bit confirms my suspicions and experience that Midwest has very poor management (kudos David Kidd), and is probably not worth my time or money until they clean house, including you David.

midwest1.jpg


midwest2.jpg
 
I got hit too. Credit Card company was right on it and immediately contacted me via multiple modes. I guess buying a $2000 ticket on Emirate Air was a little out of my normal behavior. Upon contacting me they immediately voided the card and sent a new one.

I guess I was not too badly impacted other than being rousted from bed and having to spend a half hour on the phone with a customer rep that I could barely understand.

I am underwhelmed by their $25 offer that I got in the mail today.
 
I tell you what... if I owned another large homebrew store based in the capital of Texas I'd be thinking long and hard about honoring my competitor's gift certificates for the next month or so. Just sayin...
 
I tell you what... if I owned another large homebrew store based in the capital of Texas I'd be thinking long and hard about honoring my competitor's gift certificates for the next month or so. Just sayin...

I don't know about that -- maybe a $10 discount if you provide your letter of compromise.

That same store you mentioned happens to have stopped offering lower prices for going AG for a lot of their kits (for seemingly no reason), and instead charges just as much for AG as they do extract. This isn't every recipe, but there are quite a handful that seem to be affected by this (ie. the newest IPA being promoted with the blue hop logo).
 
I was hacked for sure and I didn't receive any contact from MW over the weekend. My fraud charges happened over a weekend when I don't often check my online ledger and they got me for at least $2000 in charges which I am still currently on the hook for. I had to file a police report, then go back and pick it up to send to my bank after getting a form notarized. At least if I got the number lifted by a waiter at a restaurant, I'd know exactly who to punch in the face.

Bobby,

Not to sound like a dick, but would you be willing to share which credit card company or bank you're using? That's a little ridiculous and they should be called out for it.

ps. Love the sight glass and digital therm adapter. Two of the best brewing investments I've ever made. I will be ordering from you again in the future, and thank you for offering Paypal payments even though they're almost as big of a joke as Midwest, but at least their security is top-notch.
 
nickmv said:
That same store you mentioned happens to have stopped offering any discounts on their all-grain kits, and instead charges just as much for AG as they do extract.

Are you sure about that? Just checked the pricing on some of my favorite kits and the prices are discounted for AG kits.
 
Are you sure about that? Just checked the pricing on some of my favorite kits and the prices are discounted for AG kits.

Sure wasn't for the few I checked, and I had noticed before. Let me check again.

Edit: You are indeed correct sir. Even then, their kit prices are way above what they should be. It should be about the same as ordering the recipe's ingredients separately, but I commonly find $20 recipes to be $40-50 there, which is silly.

Now, my original statement still stands for some recipes, such as the newest IPA they're promoting -- no discounts for AG, which is just plain bad business. Regardless, this is going off-topic from what we're discussing -- Midwest being hacked and offering laughable apologies.
 
nickmv said:
Sure wasn't for the few I checked, and I had noticed before. Let me check again.

Edit: You are indeed correct sir. Even then, their kit prices are way above what they should be. It should be about the same as ordering the recipe's ingredients separately, but I commonly find $20 recipes to be $40-50 there, which is silly.

Now, my original statement still stands for some recipes, such as the newest IPA they're promoting -- no discounts for AG, which is just plain bad business. Regardless, this is going off-topic from what we're discussing -- Midwest being hacked and offering laughable apologies.

Agreed on several of your points. Now back on topic, cheers.
 
I'm new to this site. Long story short, I'm going to take the gift card, spend most of it (not enough to need to add a new cc) then take my future business elsewhere and send them a note as to why.
 

All I see in their eyes is pi π.

Nothing says sorry like starting a thread and never coming back to it. I really hope that since MidWest and Northern Brewer are 2 separate sites...they have 2 different security practices. NB being better. I have had no issues with them thus far
 
I got my notice via USPS today. I think I've only bought from MW once ever...two fraudulent charges on my card resulted. My bank caught it right away and dealt with it at no cost to me. Pain in the ass to be without my card for a week but not the end of the world.
 
I was hacked for sure and I didn't receive any contact from MW over the weekend. My fraud charges happened over a weekend when I don't often check my online ledger and they got me for at least $2000 in charges which I am still currently on the hook for. I had to file a police report, then go back and pick it up to send to my bank after getting a form notarized. At least if I got the number lifted by a waiter at a restaurant, I'd know exactly who to punch in the face.

Hm, that sounds like a lot of hoops to jump through. IANAL, but usually you're only liable up to $50 with a card.

I just got this letter - I had an unauthorized charge show up over the July 4th weekend, and then the same exact charge about a month ago. I was blaming a sketchy parking lot attendant, but I guess now this explains where the charges really came from. AmEx refunded both within days.

Monitor your statement weekly, or even better, set up charge alerts - if your CC company is anywhere close to the 21st century, they should offer them. If not, set up a Mint.com account. I get emails for anything over $10, too bad I can't dispute any pending charges until they post.

As far as Midwest... well, at least they bothered to send a letter. I figure this stuff happens a lot these days, I even had my card cloned in person.

Now, can someone tell me what kind of identity theft is possible with the information that was stolen from Midwest (address/name/CC #)? It's not like someone can open another CC account in my name without my birthdate and SSN, right? Though I suppose they could steal that from somewhere else.
 
Hmm, so the official letter came in the mail today. Didn't realize I was in the affected timeframe. So Midwest is on my "do not buy" list. I can't believe how long it took them to respond to something that went as far back as March.
 
The worst part of this for me was that this happened to me on an order that took a month to ship it to me and then still missed items in my order. Phone call after phone call. Seen the posts online for people having fraudulent charges after Midwest orders. Then it hit me with a 680 dollar charge from Macy's.
Luckily Macy's denied the order and I got a letter in the mail from them stating the information didn't match and it never posted on my American Express. Sucked because I had to cancel the card and get a new one which still wasn't the worst part. Then I had to waste more of my time changing all of the things I had that card linked for auto payments.

An awful experience all around from start to finish. Not the first time this had happened to me but first from Midwest. Glad this time it wasn't my bank card. So much wasted time on an order and more wasted time trying to clean up the aftermath.
 
Now, I'm not hoisting anyone's flag here, but in the interest of fairness I'll point out that in the past month I've, for the first time in 20 years, gotten fraudulent charges on my card.

I have never ordered from Midwest, nor from Northern.

All I'm saying is that the issue might be bigger than just this one merchant.

That does not excuse any failure on the merchant's part to protect the client or to act appropriately.
 
Now, I'm not hoisting anyone's flag here, but in the interest of fairness I'll point out that in the past month I've, for the first time in 20 years, gotten fraudulent charges on my card.

I have never ordered from Midwest, nor from Northern.

All I'm saying is that the issue might be bigger than just this one merchant.

That does not excuse any failure on the merchant's part to protect the client or to act appropriately.

Wait--are you implying that homebrewers in general are being targeted by an anonymous group of malicious black hats?
 
Just remember, even paranoid people have enemies!

In my case, I'm pretty sure it was an online purchase from a retailer unassociated with brewing. Just saying that there may have been a recent spate of attacks on the second tier folks.

Happy brewing
 
Just got my letter this morning, I guess that explains the fraudulent charges I had in July/August.

I just went to try this promo code out to see if I could even purchase a kit, too bad $25 is not enough to cover a kit! Additionally, I tried to just purchase some hops to keep it well under $25 with shipping and it appears the code doesn't even cover shipping! Wow, so I have to pay $8 after getting bent over by Midwest, I will no longer order from there. What a joke.
 
We got their letter today with the coupon code. The card the crooks got from us was issued by Amazon (citibank) and the Wife had made exactly three purchases with it prior to it being red flagged by citibank. Two of the purchases were on Amazon, and one was Midwest. Didn't take long to figure out where the breach occurred. There were two charges that clued off citibank, a $1.00 charge (to see if the card was valid) and an attempted $500 or so purchase out of CA to a Sears if I remember correctly. Neither charge was honored by citi and they had us a new card in a few days.

I don't get sandy about online fraud, it's why we had the dedicated online Amazon credit card to begin with (including some amazon perks like prime, etc.). What does make me sandy is the way Midwest handled the whole debacle and the time it took to rectify the situation. Seems like since the company was sold and their logistics are being merged with NB's, there's some internal trouble at Midwest in customer satisfaction, order fulfillment and fraud prevention.

Sad thing is, it's going to take a lot for Midwest to recover from a PR black eye. Knowing that NB is the new proud poppa... it's making Austin, Morebeer and Williams look like the best online options. Heck, just shop at your LHBS.
 
Just got my letter this morning, I guess that explains the fraudulent charges I had in July/August.

I just went to try this promo code out to see if I could even purchase a kit, too bad $25 is not enough to cover a kit! Additionally, I tried to just purchase some hops to keep it well under $25 with shipping and it appears the code doesn't even cover shipping! Wow, so I have to pay $8 after getting bent over by Midwest, I will no longer order from there. What a joke.

You were not "bent over by Midwest". They did not steal your CC info and use it to buy stuff at Walmart. That was someone else.

I'm not going to defend MW in the way they handled this situation, but it's important to remember that they were not the criminal here.
 
You were not "bent over by Midwest". They did not steal your CC info and use it to buy stuff at Walmart. That was someone else.

I'm not going to defend MW in the way they handled this situation, but it's important to remember that they were not the criminal here.

Fair enough, although if Midwest's lack of security enabled thieves to steal my CC information (and rack up fraudulent charges), that doesn't go over well in my book. I purchased from Midwest on May 31, and the fraudulent charges were in mid July. If Midwest had any idea that there were security issues, they could have let us know so we could take preventive action. That was nearly 2 months that the person could have had my data, who knows what they have done with it or what they can do with it.

It sounds like standard protocol is to purchase identity theft protection for their victims/customers, but apparently a $25 promo code is enough to satisfy us.
 
You were not "bent over by Midwest". They did not steal your CC info and use it to buy stuff at Walmart. That was someone else.

I'm not going to defend MW in the way they handled this situation, but it's important to remember that they were not the criminal here.


Additionally, for me to take advantage of this "apology offer" I would need to use a credit card to cover the shipping! Sure, let me give MW another CC to have more fraud on my account!


I can't even purchase something for like $10 plus $8 shipping (keeping the total under $25) because apparently the code doesn't apply to shipping. (From what I could tell at least).
 
And to think I was just the other day going to order some fittings and stuff from them.. Glad I didn't..
 