Important Statement From Midwest Supplies

Oh, and yeah, my wife's CC was affected as well. She just received her replacement card "Due to fraudulent activity" yesterday. She placed an order there in April for a gift card for me.

 

Sorry about the mistake on your order - PM me, or refer to the PM I sent you and we'll get the error taken care of.

 

They also said in the first post here that they acquired legal counsel. A lawyer is going to be more concerned about possible lawsuits then keeping people on a forum in the loop. Sorry if that's not what you want to hear but to me these threads are blowing up into a big witch hunt. Just my 2 cents.

 

PM sent, thanks!

 

This^^^^

Any company could get hacked. I get that. However, lots of companies do not deny it publicly, appealing to the trust and faith of their customers who are still holding on to compromised credit cards. I ordered on March 1. I have not noticed any fraudulent charges over the past months. However, yesterday I received new cards out of the blue and today I got my $25 parting gift from midwest stating:
"As soon as we discovered the breach, we took immediate measures to resolve the situation......."

Uhhhhhhh - no you did not. As soon as you heard about it, you denied that it happened to you ..... and continued to deny it happened...... Some of use used compromised cards for 6 months while you continued to deny any of it happened at all.

I will not shop at MW again for the way they handled it. I do not have faith that every other place has superior ability to prevent this type of thing from happening. But, I do feel that there are very few other places that would handle it as poorly as Midwest did. They have PROVEN what crappy customer service they have. That is enough for me.

 

With the connection between Midwest and Northern Brewer being shown in earlier posts, has anyone had the same issues with credit card info being stolen when ordering through Northern Brewer? I'm asking only because I placed an order through Northern Brewer prior to reading about this.

 

I've placed several orders with NB within the affected time period and not had any issues. I'm hopeful that the systems they use are separated enough so I won't have a problem. Having said that I'm definitely hesitant to use NB any further at this point. That really bums me out to because I've always been super happy with their product and support. I'll see how this plays out before I return my business to them.

 

Wasn't compromised, but also hadn't ordered since 2/27/13. Received the letter and $25 code today. Wonder how far back they are suspecting the hack occurred?

 

This entire thread is why the people that pay a bit more with cash at the LHBS are happy.

 

Actually, I was happy to find that almost everything is the same cost at my LHBS. Grain, hops, etc. Mind blown. Yahoo.

 

My closest LHBS is a 3.5 hour drive away...

 

Ouch. If I had to buy online, I'd get a cash card like paypal or some other collateral card. I'd think there are a bunch of them.

 

Every business makes mistakes, but how much they impact your business really depends on how they are handled after the fact.

MW clearly handled this very badly and if they had admitted responsibility and taken steps to move forward and help their customers deal with the repercussions of their error the blow back would have been greatly minimized. Instead they are the villain rather than a victim alongside their customers.

Very bad form Midwest.

 

I shop at Midwest and Austin. Ironically, the only time my card was hacked was from a small homebrew store in California.

My credit card companies are great about fraud prevention. It has only been a minor inconvenience when I have had issues.

The big point is that both Austin and Midwest dismissed dozens of HBT customers saying "hey guys, you might have a problem."

 

Pfft... You could also go to

Green Bay - http://www.houseofhomebrew.com/

Appleton - http://homebrewmarket.com/

Little Chute - http://www.ritebrew.com/

(Manitowoc, Plover, Oshkosh, etc...)

NE Wisconsin has an abundance of homebrew stores.

 

That's not what I said at all, nor inferred. Please go back and read though my posts again.

 

There is no difference to the point. Up until the compromise you'd have said exactly the same thing about MWS, without any inkling otherwise.

The point is, one needs to take steps for themselves beyond just taking your marbles and playing elsewhere because clearly a history of no breach doesn't mean there can't or won't be one tomorrow.

 

I won't shop at mw anymore basically because of their unbelievably poor service, this credit card thing will happen but the service is a trend. It took 2 months to get my last order and fulfilled and that was the one that was hacked. The poor service of informing us on the hack coupled with my last order is the end for me.

I'm of course not an idiot so I will use there $25 along with the $15 reward program that I have and get something for my troubles. Austin is closer for me anyways

 

This thread freaked me right out! I went to my CC transcripts and went over them with a fine toothed comb. Luckly, I seem to be ok right now. But I wonder how many folks are hacked, but don't realize it because smaller fraud charges are made and blend in with the other charges. A big charge is more easily noticed, but smaller ones can be like leeches sucking off you before you notice. Freakin' scary

Anyway, I never used MW. They were too high in price compared to other places anyway.

 

True - I think a lot of us have learned that we can take some steps on our own to protect ourselves when shopping on line. In addition, we have learned that MW has horse**** customer service. So, in the future, when I am improving my own protection for on line shopping, I will be doing it at a business that might have "better" customer service if an incident ever arises again. This could happen to any business. Midwest demonstrated that they are very, very, very crappy at handling it if it does happen.

 

It would be wise of the other online vendors to put out a notice on all the major online homebrewing forums to the tune of "In light of the recent CC fraud issues that have happened in our online community we would liek to advise our customers of the precautions we take to ensure their information is keep as safe a possible ...."

 

I honestly will shop at wherever has the best prices, and I'll use my credit card, and if it gets compromised, I'll have the charge removed since I have zero liability on any card I use.

That being said, however; if anyone is honestly defending Midwest at this point regarding their handling in the matter, they are one if two things: 1) An employee, or 2) Oblivious.

Were I on the board for this company, I would have already demanded a vote of confidence in the CEO (and since I'm only on boards that make decisions that are in the best interests of the organization, that vote would failed and the HMFIC would be ousted).

 

I don't understand the uproar.

I've have my credit card number compromised probably 1-2 times per year and while it's an inconvenience (especially while traveling), you have pretty much zero liability these days. If you're using a bank debit / EBT card, well that's just not very smart; stop doing that.

As a consultant in the industry, you'd be surprised how little is done to protect your privacy as a consumer. PCI, SOX, pretty much anything around PII, it's all a joke. I can't tell you how many large companies, financial companies, that I've worked with that don't put even minimal controls in place to protect your data. Not just with electronic storage but with paper copies. While it's easy enough to log when someone accesses an electronic document (although often it's not done), there's little that can be done when paper documents are handled without care and are easily obtained and copied.

SSNs and credit card numbers? They're everywhere. The breaches of concern are the ones that go unnoticed. Watch your credit card statements and move on with life...

 

It's a real shame that this went down the way it did. I've never ordered from MIdwest, as they've always seemed a little off on price, but due to this occurrence, I can't say that I ever will.

**** happens, I get that. A lot of us get that. Consumer beware. Cover your own ass first because there are no guarantees the vendor will. I would like to think that others like MoreBeer!, NB, AHS, etc have seen this and taken a step back to make sure they don't become the subject of another one of these threads, but how can we be sure? Be proactive (proteck 'yo neck).

What's a little disheartening to me is learning that NB an Midwest are essentially one in the same. Every kit I've ordered has been from NB except for a Pliny and Stone clone from AHS. I've ordered a lot of hardware from NB as well. I'm really happy with them as a vendor. Have I placed my last NB order? Most likely not. Will I be more inclined to do a little more comparison shopping with their competitors before placing my order? Most definitely so.

Ultimately, this has been a reminder to make a conscious effort to reevaluate my process of making online purchases. Well, The League season premiere is starting, time to go. It's going to be interesting to see where this ends up, but like most message board threads with potential for epic proportions, I don't expect us to get much more wind from this one.

 

They sound so on top of it in the media. Check out this Public Radio article:

http://minnesota.publicradio.org/display/web/2013/09/03/home-brew-supplier-hack

Why does the headline say "possibly" breached?

 

Yooper, if you're headed to Appleton on Friday, I'd be happy to meet you at the warehouse (in Little Chute, just north of Appleton). Shoot me an e-mail: [email protected]

 

Ok, let me state this again. Maybe you missed my post. My day job is making sure things like this don't happen to my customers.

But getting hacked is a risk of life on the internet. HOWEVER, what you are storing, and how you are processing it, along with how you are implementing defense in depth is important.

So while I cannot prove that all companies take security seriously, I refuse to do business with ones that have proven they don't take it seriously.

I do not understand why that is so hard to understand. Midwest not only didn't take security seriously, they also didn't handle the aftermath correctly. This COULD have been their wakeup call but their actions after leave me to believe it didn't.

As already mentioned, Austin Homebrew was hacked. They recognized it quickly, keep the line of communication open, and discuss why it happened and how they were going to fix it.

Internet purchases are a way of life. Supporting companies that knowingly don't give a **** gives them the impression it doesn't matter. You can't escape purchasing things online. That means you should support companies that take it seriously and show them that if they don't then they lose business.

 

Fair enough. I use a pretty big credit union and they've been a lot more supportive of fraud issues in the past. They've typically only been a couple hundred $$$ and only one or two transactions. Because this particular incident happened over weekend when I wasn't watching my online account, they racked up 30 transactions up to $2400. I don't know if the dollar amount is what changed their policy or just something new across the board.

As a customer and a merchant that has experience with Paypal, I agree that they pretty much suck on all fronts EXCEPT that they are overly cautious about fraud. I do suffer chargebacks, but I would bet it's the lowest of any merchant processor anywhere.

 

True, i think for a lot of people this is just the straw the broke the camels back. The money disappearing can be a pain in the ass for a few days while you get it sorted, but what bothers most people i think is being lied to for basically 2 months in the previous thread that started this whole thing where they were adamantly posting it was not them, while apparently at the same time having an internal investigation on it.

Also 2 months for an investigation? When it comes to internet fraud, hours and days matter and they sat on the information for nearly 2 months.

 

Data Breach Communication 101: http://usa.visa.com/download/merchants/cisp_responding_to_a_data_breach.pdf

The only reason to wait this long is if the law enforcement felt that disclosing the breach would hinder their investigation.

 

I feel like they have mishandled the situation as well. In a perfect world, they would say "Hey, we screwed up. Allow us to fix it, and tell you how we'll do better going forward." That would be enough to earn me back.

However, a perfect world doesn't have attorneys and civil liability. I just don't see that happening. They'll take their licks, people will whine for a while, and it'll all be forgotten a year from now.

 

I got this from Williams Brewing today. Looks like they are lining up for the lost customers.

__________________________________

Integrity & Service?

There has been a lot of talk online recently about integrity, customer service, and investor buyouts in the home brewing business. This has led me to think back over the years about William's Brewing and the job we have done. Have you ever been dissappointed by us, and why? Conversely, if love what we are doing, I am not ashamed to say I love praise. As the founder of William's Brewing, I feel personally responsible for everything we do.


My email address is [email protected] and I will read and respond to all your responses regarding William's Brewing and its reputation and integrity (they will be kept private and not published). Thanks in advance for your complaints and praise.

As always, we thank you for your business over the last 34 years.

 

I received that as well. Not to mention the awesome deal on the bag of malt.

 

It seems Williams Brewing sees an opportunity here to capitalize on Midwest's poor handling of this.

 

Seems very distasteful and predatory to me.

I'm very surprised Midwest hasn't weighed in on this thread beyond the initial post. There's clearly a lot of ire and they seem to be totally unconcerned by it.

 

I too was directly affected by this breach to their database. I had about $300 in fraudulent charges occur before being alerted by my credit card company. The charges were waived off my account and I was given a new account number and card.

Like so many have conveyed in these 20+ pages of rants, I too am no longer a customer of Midwest Supplies due to the absolutely horrible way this entire ordeal was handled. The lack of timely notification to customers was ridiculous. The $25 gift card concept seemed completely absurd when they are trying to retain customers from a financial breach of customer records. They should have offered a full year fraud monitoring at their expense. To me, that would have shown that they truly have our financial lives in mind, and not just saving face after-the-fact.

I have subsequently directly called Midwest & Northern Brewer and requested all my customer and financial data be removed from their database(s). I included NB since both are owned by the same holding company. I also filed a BBB complaint against Midwest over this incident.

 

Id have done this a long time ago. I don't see it as distasteful at all. No where does Williams discredit any other business. They are just reaching out to their customers to make sure that they are happy. Its being proactive. Something MW could have done a better job at. As for predatory, maybe. I could see that, but after all they are in competition with all the other homebrew shops of the world. If the choices are predator or prey, Ill take predator every time.