Security Breach at Midwest Supplies

This is from another forum where it was reposted from HBT.

This was posted on HBT over the weekend by Midwest Supplies:

Recently we learned that despite our best efforts the security of our website was breached by an outside party. For certain types of transactions, this breach may have resulted in the outside party being able to capture and use customer credit card information entered at the time of the transaction. When we identified the breach, we immediately secured our servers, hired a technical team to investigate and help resolve the situation, notified the credit card companies and law enforcement, and obtained legal counsel specializing in computer hacking to help us navigate the very specific legal notification requirements for all 50 states. At this time, all of the notifications have been made, and letters have been sent to all customers that may have been impacted. We regret not providing an update sooner, but we did not want to comment publicly until our investigation was complete and we were able to identify and notify those potentially affected.

Our investigation has now been completed and we are satisfied that the situation has been resolved and that all affected customers have been identified. We have also implemented extensive steps to prevent this kind of incident from happening again. In addition, we sent a letter to each customer who may have been impacted, notifying them of the incident and providing our sincere apology and a credit for $25 worth of homebrewing or winemaking supplies. If you have any questions or concerns please contact our customer service department by phone at 888-449-2739. Rest assured that if you were not contacted you were not among the customers impacted.

We have spent many years working to earn your trust and loyalty. And we recognize an attack like this can undermine that trust. As one brewer to another, you can rest assured that we won’t rest until you’ve brewed your best.

David Kidd

President
    __________________
    Beer and Wine Making Supplies since 1995
    http://www.midwestsupplies.com

One of the reasons I have always liked them better than Northern Brewer is that they accept PayPal. I really feel a lot safer using PayPal over credit cards online.

Saw that. They aren’t getting very positive responses. I think I had my card number stolen a couple years ago. A charge showed up on my account from California, some flower shop. The only place I had been using it much online was Midwest.
But I’m not blaming them, really. Hopefully, they have it all resolved.

This explains why my card was used in MN and AU recently. Fortunately the card company didn’t allow the charges to go through. I contacted Midwest today and they said they had sent me a letter that is supposed to get here tomorrow. Glad to hear they accept PayPal, I’ll go that route in the future.

Sorry to hear that but processing credit cards is not a trivial thing.

There is such a thing that is called PCI compliance.

These are the rules that every credit processor has to comply with.
I think they are in big trouble.

Well… this certainly explains some issues I noticed in early July.

My wife ordered me a kegging system for my birthday on her CC. She made an account and accumulated enough points for me to get a free picnic tap for it, so I bought some other stuff as well using my CC. A few weeks later my wife notices fraudulent charges on her CC. A week or so later, I see fraudulent charges on mine. It didn’t occur to us it may have been Midwest Supplies. Shame too, because I’ve ordered from both them and NB several times, and have never had any issues with the order.

Now I know where the security problem occurred. The credit card co.’s fraud protection saw a fishy charge to “payroll Services” for $1. Then there was another charge before it was frozen and I was contacted. Got the letter today.

This is why I always keep all my credit cards completely maxed. Just let some crook try and use one of mine and they will experience the same shame I experience every day when the clerk says “I’m sorry sir, it says declined.” :o

I got the letter, but no issues on my credit card so far. So AFAIC it’s a free $25 gift certificate, and I need some stuff anyways. Sucks that it happened, but I’m happy to see that they’re taking the right steps to at least try to make this right. I’ve always had excellent customer service from Midwest, and I will continue to use them in light of this issue.

This is a terrible haiku.

BRILLIANT!

At least they are taking proactive steps to take ownership of the problem and put their customers on notice, unlike a certain other large HBS a few years back that denied responsibility for the problem to the bitter end. I had the pleasure of dealing with that situation after they promised the problem was fixed when it wasn’t.

If you are one of the unfortunate people who were struck by fraudulent charges, you should offer to fax or email a scan of the letter from Midwest to your CC provider to help verify your fraud allegations and help them track down the charges.

Me too. Luckily my bank caught on very quickly and called to confirm several fraudulent transactions.

This is bothersome. I’m not too surprised though, as long as there is business there will also be fraud. Hopefully MW will get this under control and past them soon. Fortunately, I haven’t purchased anything from them in the recent past. They have a very respectable business, and I’ll be doing business with them again for sure.

Midwest and Northern Brewer have the same parent company. One can wonder if the IT is separate, or consolidated? If no problems at NB, then one could deduce separate.

I live in Minneapolis and frequently buy supplies from both MW and NB.  In talking to some of the employees at both stores, it sounds like the only thing they really share is inventory.  And even their inventory sharing is not very extensive, apparently.

Thanks Matt, that is good to know, as I bought a few things from NB after the NHC, using the NHC discount code.

I don’t know, the description of the breach (and the complaints at HBT) make it seem like their payment process was compromised for some time. It sounds like their sysadmins weren’t on top of things and I will think twice before buying from them again.

I would think that after this they would be one of the more secure places to order from for a while. Till they get complacent again, that is.

Interesting to see that David Kidd’s LinkedIn profile has been deleted. Coincidence?
http://www.linkedin.com/pub/david-kidd/2/b64/167

It’s still in the Google cache, though.
http://webcache.googleusercontent.com/search?q=cache:Z1Hre4dLihEJ:www.linkedin.com/pub/david-kidd/2/b64/167+&cd=1&hl=en&ct=clnk&gl=us&client=firefox-a

Sorry about that.
Bottom line, they are fully responsible.

On a side note:
Did you see the last Brewing TV episode?
What happened to all the people there?
And who is the Kidd guy?