Important Statement From Midwest Supplies

09-02-2013, 01:33 AM   #1
midwestsupplies
Sponsor
Join Date: Aug 2010
Location: St. Louis Park, MN
Posts: 50
Liked 34 Times on 20 Posts
Likes Given: 3

Recently we learned that despite our best efforts the security of our website was breached by an outside party. For certain types of transactions, this breach may have resulted in the outside party being able to capture and use customer credit card information entered at the time of the transaction. When we identified the breach, we immediately secured our servers, hired a technical team to investigate and help resolve the situation, notified the credit card companies and law enforcement, and obtained legal counsel specializing in computer hacking to help us navigate the very specific legal notification requirements for all 50 states. At this time, all of the notifications have been made, and letters have been sent to all customers that may have been impacted. We regret not providing an update sooner, but we did not want to comment publicly until our investigation was complete and we were able to identify and notify those potentially affected.

Our investigation has now been completed and we are satisfied that the situation has been resolved and that all affected customers have been identified. We have also implemented extensive steps to prevent this kind of incident from happening again. In addition, we sent a letter to each customer who may have been impacted, notifying them of the incident and providing our sincere apology and a credit for $25 worth of homebrewing or winemaking supplies. If you have any questions or concerns please contact our customer service department by phone at 888-449-2739. Rest assured that if you were not contacted you were not among the customers impacted.

We have spent many years working to earn your trust and loyalty. And we recognize an attack like this can undermine that trust. As one brewer to another, you can rest assured that we won’t rest until you’ve brewed your best.

David Kidd

President

__________________

Beer and Wine Making Supplies since 1995
www.midwestsupplies.com

2 People Like This

09-02-2013, 01:49 AM   #2
nickmv
Join Date: Mar 2010
Location: Memphis
Posts: 777
Liked 60 Times on 48 Posts
Likes Given: 4

1. Why did you take 1.5 months to notify ANY customers? I don't care what the circumstances are with your investigation, there is no excuse for a 1.5-month delay for such an announcement. Honestly, that kind of delay for something that occurred way back in June should be downright illegal. I understand you need to consult with professionals on this matter, but you have a duty to notify customers in a timely manner. You put their CCs and accounts at risk with that move. Until you provide some sort of insight into WHEN you contacted CC companies, and what their actions were in response, I'm going to assume that doing such a thing had little to no effect, as customers continued to post that their CCs were stolen for quite a long time after the reported incident date (seen here).

2. Despite your efforts to mitigate the situation, your response didn't quite hit the mark. A $25 gift card? You SHOULD be offering fraud protection service (credit monitoring) to each and every one of these customers. That's the standard for compromised cards nowadays, at least from the past 2 experiences I've had. Somehow a $25 GC doesn't seem to instill any lost confidence from what happened.

Additionally, simply telling customers basically "trust us we fixed it" in no way will solve your problems. The lack of transparency about what's transpired, combined with dodgy responses and downright denials over the past months, shows that you're still hiding something (namely that you REALLY messed up and didn't follow compliance regulations, held onto customers' CC #'s without permission, and more), and will only hurt you further.

__________________

Primary #1 (SS Brew Bucket):
Primary #2 (SS 7G Chronical):
Primary #3 (Better Bottle): Rye Saison
Secondary #1: Pinot Grigio Kit
Secondary #2: Pinot Grigio Kit
Secondary #3: Gewurztraminer Kit
On-Deck:
Kegged & Waiting: Citra Black IPA
ON TAP: n/a
2014 Beers So Far:
Belgian Wit | Burton IPA | Belgian Wit | Black IPA | Rye Saison | Hefeweizen

4 People Like This

09-02-2013, 02:27 AM   #3
jeffjm
Custom Yeast Home Builder
Join Date: Aug 2010
Location: St. Louis, Missouri
Posts: 434
Liked 79 Times on 54 Posts
Likes Given: 15

Nick, I have to say I have some sympathy with your points, but I also am sure Midwest has had lawyers telling them not to say anything up until now. Damned if you do, damned if you don't.

The interesting things to me are that the official statement came on the Sunday night of a 3-day weekend when it would get minimal attention, and that a quick visit to the Midwest site didn't show anything about the problem.

And finally, once there's been a breach like this, it's very hard to know for sure that the perpetrator is completely gone. Outsiders have no way of evaluating the risk of recurrence.

__________________

I set out running but I take my time.

09-02-2013, 02:29 AM   #4
nickmv
Join Date: Mar 2010
Location: Memphis
Posts: 777
Liked 60 Times on 48 Posts
Likes Given: 4

Jeff, I knew full well with my opinion that it has legal ramifications, but my point still remains and is just as valid as any legal points they may have.

And yes, it's quite convenient that they posted it now, and haven't bothered being very public with it at all.

09-02-2013, 02:32 AM   #5
ChefRex
I once had a thought,
Join Date: Dec 2012
Location: Woodbridge, NJ
Posts: 4,868
Liked 2253 Times on 1417 Posts
Likes Given: 3462

"The interesting things to me are that the official statement came on the Sunday night of a 3-day weekend when it would get minimal attention"
+1 on this

09-02-2013, 02:48 AM   #6
Mongrel
Join Date: Oct 2010
Location: Sisters, Oregon
Posts: 1,635
Liked 176 Times on 122 Posts
Likes Given: 38

I understand you got compromised, it happens. I'm glad you've taken care of the issues. What I really don't like is how you dismissed everyone here on HBT when they brought the issue to light.

__________________

THPTPTH!

WhizardHat Likes This

09-02-2013, 02:58 AM   #7
masskrug
Shooting for 80%
Join Date: Sep 2012
Location: Florida
Posts: 1,164
Liked 160 Times on 113 Posts
Likes Given: 75

Hey! You get a $25 coupon for your identity theft. That will almost buy you a kit.

__________________
Google Maps Water Report

09-02-2013, 03:00 AM   #8
wsender
Join Date: May 2011
Location: Rochester, NY
Posts: 48
Liked 5 Times on 3 Posts
Likes Given: 2

All the apologists here who 'understand' don't understand that this wouldn't have happened if you were PCI compliant. Why are you even storing our numbers? Why aren't they processed then discarded? This is really unacceptable.

The inconvenience I suffered when someone racked up over $700 dollars worth of charges about 3 weeks ago is unacceptable too. Thankfully my bank denied all the charges. I'm not alone in this. Look at this post here, seems to be a common thread.

http://www.reddit.com/r/Homebrewing/...your_personal/

A $25 dollar gift card is paltry and insulting. Credit monitoring and some assurance about what you've done to stop this from happening in the future would have been a much better solution.

3 People Like This

09-02-2013, 03:04 AM   #9
PastorofMuppets
Join Date: Jan 2013
Posts: 456
Liked 51 Times on 37 Posts
Likes Given: 39

I won't be making any further purchases. I have run and managed sales sites, merchant accounts, PCI compliance, etc. for years. There are no excuses.

WhizardHat Likes This

09-02-2013, 03:08 AM   #10
nickmv
Join Date: Mar 2010
Location: Memphis
Posts: 777
Liked 60 Times on 48 Posts
Likes Given: 4

Quote: Originally Posted by wsender
All the apologists here who 'understand' don't understand that this wouldn't have happened if you were PCI compliant. Why are you even storing our numbers? Why aren't they processed then discarded? This is really unacceptable.

The inconvenience I suffered when someone racked up over $700 dollars worth of charges about 3 weeks ago is unacceptable too. Thankfully my bank denied all the charges. I'm not alone in this. Look at this post here, seems to be a common thread.

http://www.reddit.com/r/Homebrewing/...your_personal/

A $25 dollar gift card is paltry and insulting. Credit monitoring and some assurance about what you've done to stop this from happening in the future would have been a much better solution.

This x100000. I toned down my original response, but there really is absolutely NO excuse whatsoever for what happened. Having your server with CC #'s connected through the web? Absolutely ridiculous. That reddit discussion gets into where PCI compliance people can attest to the fact that what was done was inexcusable.

I will not be shopping with Midwest in the future, and will recommend that all friends go elsewhere (not even NB if possible, since they own Midwest). And assuming I was indeed a victim of this and get a $25 GC --- well, you can put it you-know-where.

WhizardHat Likes This