Kolsch_Meister
Well-Known Member
hey **** happens my card was used but we caught it and my bank gave us the money back i for one will still use midwest again,if you choose not to you are letting the hackers and crooks win shop midwest
+1!
hey **** happens my card was used but we caught it and my bank gave us the money back i for one will still use midwest again,if you choose not to you are letting the hackers and crooks win shop midwest
That's half my point...other companies may be as bad. It just seems a bit hypocritical to take one's business elsewere, while acknowledging (or not considering) elsewhere may not have any better security than MWS (did).
The issue is not that Midwest was hacked. That can happen. The problem really is that people feel as though they've done a very poor job handling the crisis.
The good news, undoubtedly Midwest folks ARE monitoring this thread and you can bet they are recognizing how seriously their poor situation management is effecting them.
I suspect they'll work very hard to avoid this kind of debacle in the future.
They screwed up big-time and I expect they are as chagrined as anybody about it. I don't know if I'll use them again or not, but if I do, I'll only go through paypal. (That's what I've used with them in the past, and is likely why I haven't seen funky transactions.)
Check out beveragefactory.com
I'm lucky in that I have a very well stocked & experienced LHBS less than ten minutes away. No issues w/ stored CC info and they're rarely out of stock on anything.
I did make a few purchases from NB early on but that's now going to come to an end.
Now, can someone tell me what kind of identity theft is possible with the information that was stolen from Midwest (address/name/CC #)? It's not like someone can open another CC account in my name without my birthdate and SSN, right? Though I suppose they could steal that from somewhere else.
How is it hypocritical? For instance, I have used Rebel Brewer in the past. They may or may not have superior security but I DO KNOW for a fact that Midwest was lazy about it.
In one case, I know Midwest did not take security seriously. The other is an unknown but I will take my business elsewhere if shown to not take stuff seriously. AND if everyone does the same, it sends a HUGE signal to the other stores that they risk ruin if they don't take things seriously.
I take my business elsewhere as a statement that I will not do businesses that don't take security seriously.
It's hypocritical because you acknowledge you're going to take your business elsewhere, assuming the other places are doing things you're trying to punish MSW for not doing.
Todd H (Northern Brewer)
Hi (your name here),
We are the same company but separate brands. We have a web site and customer accounts completely separate from Midwest. Please let me know if you have any other questions.
Cheers!
It's hypocritical because you acknowledge you're going to take your business elsewhere, assuming the other places are doing things you're trying to punish MSW for not doing.
beernutz said:So no matter what a merchant may do to compromise your account information you would never stop shopping with them because other merchants also have the potential to do the same?
I'm not effected by this whole thing bc I never used MW, but logically thinking a place that got hacked would then be on top of things big time going forward where others who haven't been might not be as vigilant. I'd think that now that the issue is resolved with MW they'd be one to not have this happen again..
Not to say my thinking is totally sound/correct or that anyone is wrong to find other retailers or be upset, I would be too!
I want to make it completely clear that I'm not leaving Midwest because they were hacked or even that the hackers got my cc info. I'm leaving midwest because they lied to us. They said it wasn't them flat out. They should have said we're investigating it, but they didn't. I just think they have handled this whole thing wrong from the start, and this $25 gc is like salt on the wound.
So part of me says screw 'em and part of me says, give 'em a break...
It's easy to place blame (which I'm guilty of) but then you walk a mile in another man's shoe and quickly see what's really goin' down...
We regret not providing an update sooner, but we did not want to comment publicly until our investigation was complete and we were able to identify and notify those potentially affected.
Our investigation has now been completed and we are satisfied that the situation has been resolved and that all affected customers have been identified.
In a normal company the management would've went to the IT and asked 'Was our server breached?'
IT, fearing for their jobs/reputation, would respond, 'Well it passed the PCI check!'
Getting hacked is a risk that all online vendors take. Most consumers understand that and are willing to give some leeway. What I and many others can not excuse is how Midwest responded to the situation. Denial, blame shifting and avoidance.
Austin Homebrew was hacked. They admitted it, made amends and their customers stood by them (for the most part). Midwest failed to act in good faith and now they have lost me as a customer.
As an IT professional and someone who's credit card was used fraudulently after buying from Midwest, I'd like a better explanation of exactly what happened. Details.
I want to know this too, I luckily had my cc company refuse the random charges that I had but I still had to get a new cc while on vacation which was a pain in the rear
This x100000. I toned down my original response, but there really is absolutely NO excuse whatsoever for what happened. Having your server with CC #'s connected through the web? Absolutely ridiculous. That reddit discussion gets into where PCI compliance people can attest to the fact that what was done was inexcusable.
I will not be shopping with Midwest in the future, and will recommend that all friends go elsewhere (not even NB if possible, since they own Midwest). And assuming I was indeed a victim of this and get a $25 GC --- well, you can put it you-know-where.
If that's what happened, management
needed to be smart enough to realize IT didn't answer the question that was asked. IT also needs to be smart enough to raise potential problems ahead of time, and document the response from management or lack thereof. Unfortunately the odds of us ever seeing those internal communications are slim and none.
This is humorous. A job listing for a VP of IT/eCommerce at Northern Brewer on July 25th. Also confirms the merger of Midwest and NB. Talks about David Kidd (he's an Eagle Scout but apparently didn't get the data security merit badge).
He raved about the outgoing CIO.
I assume the job's been filled. Nice firestorm that person just walked into.
http://ecommercejobs.com/2013/07/northern-brewer-seeks-a-vp-of-it-ecommerce-st-paul-mn.html
I have a question, which vendors are alternatives for brewing kits?
Especially if Northern and Midwest have/are merged?
I have a question, which vendors are alternatives for brewing kits?
Especially if Northern and Midwest have/are merged?
I am in the same boat. I had two fraudulent charges from Western Union last month that totaled $715. The charges resulted in NSF fees as I was not aware of them until it was too late. I have blocked my card and my bank has temporarily credited me for the charges and fees pending an investigation. I will be forwarding them a copy of the letter. This was a major PITA for me!
I read through this post and the original post started back in the beginning of July and I am a little lost. I cant find a single post in the last thread where they said flat out that it was not them. The last post in that thread they made was about there third party investigation and said it was still ongoing. They have also said that they don't store your complete cc info on there server only the last 4 digits and expiration date, and you can opt out of that. They also stated in the first post here that the info was captured at the time of the transaction. To me this says that there was some sort of malicious software in there network capturing the info and sending it to the hacker. I have never purchased anything from them but reading all this would not keep me from doing so in the future. To me some of these posts look like those advertisements you see around election time if you know what I mean.
"Thank you to everyone that has contributed to this thread and contacted us regarding your concerns. At Midwest Supplies we take our customers' data and information security seriously. After thoroughly investigating the concerns in this thread, we do not believe they were related to purchases made at Midwest Supplies. If anything changes we will let you know. If anyone has concerns regarding their order or credit card data, please contact our customer service team at 888-449-2739 or [email protected].
We value the trust our customers place in us every time they order from Midwest Supplies. We take this trust seriously: our website is secure and encrypted, it is scanned daily to guard against any attacks, we are PCI compliant, we maintain cyber insurance, all of our employees must pass criminal background checks, and we do not store credit card information on any of our systems.
As fellow brewers and winemakers, we want to make sure you can focus on making the best possible beer or wine, every time. We will do our best to guard your information and maintain your trust.
Thanks again and Cheers."
We wanted to provide you an update on our on-going investigation into the credit card security matters raised in this Forum.
As part of our investigation, we have involved a number of third-party specialists in web server management, website applications management, website security and credit card processing. Each of these parties, in coordination with the others, has undertaken to assess how and when credit card data could have been compromised.
One of the complicating factors to the investigation is that we store no credit card data. All credit card information is transmitted securely to the credit card processors at the time of the transaction; no credit card information is retained.
A second complicating factor is that the credit cards in question were last used for a Midwest Supplies purchase during a wide ranging period, weeks to months before the fraudulent activity took place.
At this point, none of the third-parties nor our own team have identified how or when credit card data could have been compromised.
We take data security very seriously and are working to complete our investigation as soon as possible.
If anyone has concerns regarding their order or credit card data, please contact me directly at [email protected] or 952-562-5354.
Thanks again and Cheers.
Todd Jackson
Customer Service Manager
Midwest Supplies
In the original thread post #52
This says they where still trying to figure out what happened.
In the original thread post #52
We wanted to provide you an update on our on-going investigation into the credit card security matters raised in this Forum.
As part of our investigation, we have involved a number of third-party specialists in web server management, website applications management, website security and credit card processing. Each of these parties, in coordination with the others, has undertaken to assess how and when credit card data could have been compromised.
One of the complicating factors to the investigation is that we store no credit card data. All credit card information is transmitted securely to the credit card processors at the time of the transaction; no credit card information is retained.
A second complicating factor is that the credit cards in question were last used for a Midwest Supplies purchase during a wide ranging period, weeks to months before the fraudulent activity took place.
At this point, none of the third-parties nor our own team have identified how or when credit card data could have been compromised.
We take data security very seriously and are working to complete our investigation as soon as possible.
If anyone has concerns regarding their order or credit card data, please contact me directly at [email protected] or 952-562-5354.
Thanks again and Cheers.
Todd Jackson
Customer Service Manager
Midwest Supplies
This says they where still trying to figure out what happened.
Enter your email address to join: