Important Statement From Midwest Supplies

Williams 728
Homebrew Talk - Beer, Wine, Mead, & Cider Brewing Discussion Forum

Help Support Homebrew Talk - Beer, Wine, Mead, & Cider Brewing Discussion Forum:

This site may earn a commission from merchant affiliate links, including eBay, Amazon, and others.
Taz420NJ said:
And to think I was just the other day going to order some fittings and stuff from them.. Glad I didn't..
Click to expand...

Just picked up a chest freezer this weekend and was looking to do a dual tap system, I know where I won't be looking now. Additionally, I was looking to reorder NBs dead ringer ipa and black ipa for two of my friends to brew as they loved those beers...LHBS it is as it sounds like NB and MW are affiliated with each other.

I think emailing their customer service is a start to let them know why we won't be doing business with them. It also wouldn't be a bad idea to hit up twitter/Facebook and online reviews (especially google/yelp).
 
Not that I'm a conspiracy buff or anything, but if Someone was looking at acquiring MWS, this recent turn of events would certainly make them more affordable. I can see a bunch of suits walking into a conference room saying "Your web traffic is down by 60%"

Any conclusions you might draw from my comment were entirely unintentional.
 
I got the letter today about the issues, I'm still baffled as to why it took this long for Midwest to fess up. despite them saying over and over that it's not them. Now the one thing i noticed that i thought was a no-no for any PCI shop was storing the CCV numbers in the database in which the letter said that information was also breached. It was my understanding that these numbers are not allowed to be stored but used only for the initial verification.

https://www.pcihost.com/blog/2013/02/merchants-cvv-codes/

I know for the company I work at there is a massive fine for every CC number that gets stolen. I can only hope that midwest is under the same scrutiny. and they can keep their $25 coupon.
 
Don't forget to avoid NorthernBrewer.com

I don't care if they claim they aren't the same company. If you unsubscribe from the midwest emails and click complain about unsolicited emails, it will send an email to [email protected]

Both sites have lost my business.
 
Hmmmmmmmm..... well, that is interesting - Wife just asked why the credit card company would be sending us new cards........ "An unnamed company has reported a breach in their security - this does not mean your account has been used.... but your current cards are being deactivated....."

Perhaps coincidence.... perhaps the purchase from MW late spring?
 
I was notified of some unusual charges by Chase about four weeks ago, they cancelled the card, did not hold me to the charges (online gaming sites in my case) and had a new card overnighted to me. Good on them for such a quick turn and the impact was minimal. I did not know at the time what caused the compromise, but today received the letter from MidWest.

I may be slammed here, but I have been a customer of theirs for a few years, between them and local shops, and try and buy mostly local, but have dropped about a grand with them since 2010. Most recently, a 10lb CO2 bottle they sent leaked from the pr valve; they not only sent out a replacement, but a shipping label to return the defective bottle with pick-up from UPS. I have not had the kind of bad customer service issues others have stated here, so can only speak to my own experience.

As someone stated earlier on this thread, if you have never had a card compromised, you are probably in the minority. This is my 4th or 5th since the first card was stolen in 1994, so once every four or five years to me is not that big of a deal. It is part of the risk we take for the convenience of shopping online and the reality of sophisticated hackers.

Though I am not happy with the long notification time - I do not check this forum every day for new posts and only looked for this incident today when I got my letter - my experience with Midwest as a whole has been positive.

EDIT: I just re-read the letter, not only the CC number, but email address, physical address, phone number, and CV code.

This whole package of identity theft now has me pissed off. It may not be enough to simply replace the card.
 
Braufessor said:
Hmmmmmmmm..... well, that is interesting - Wife just asked why the credit card company would be sending us new cards........ "An unnamed company has reported a breach in their security - this does not mean your account has been used.... but your current cards are being deactivated....."

Perhaps coincidence.... perhaps the purchase from MW late spring?
Click to expand...

I got a similar type of notice some years back. I never did find out who got breached for me to get a notice nor did I ever see any type of fraudulent charges, before or after.

In your case it might be due to MWS, it might not be.

What I do know is that since I discovered a while back that I can generate virtual card numbers for exact amounts that are done and gone after use (or after a time out period you can specify in case of non-use) that's what I use for my online purchases.
 
Wow I just saw this thread today between work and school . I was wondering if this was the case since someone just charged 1,100$ to my credit card back in August. I guess I just found my answer since I found the same letter from Midwest in my mailbox tonight .

Thanks
 
I think I was likely affected as well. I just got back from a 3 week vacation, so I'm way behind on snail mail so I haven't seen if I got a letter.

I got a random $300 bestbuy.com purchase on my credit card back in February. Five days earlier I used that card to place an order with Midwest.

I'll have to follow up once I get through the mail and see if I've truly been affected.
 
TheWeeb said:
...Most recently, a 10lb CO2 bottle they sent leaked from the pr valve; they not only sent out a replacement, but a shipping label to return the defective bottle with pick-up from UPS...
Click to expand...

Only issue I have with that is I don't see it as excellent customer service - I see that as what should be expected if an item is received defective. I know some other companies can be an extreme hassle to deal with to get returns like this but that only shows those companies have bad customer service not that doing what you should do is great customer service. I agree it is nice to not have to fight to get what should be expected :D

Relating that rant to this thread - as what has been said before MW is not even offering the normal level of customer service that is usually done = they must have some pretty bad legal/PR advisors!
 
Another cc fraud victim here. I had purchased an item from MW in April, In July there were fraudulent charges. I caught it quickly and everything was secured within a few days.

Biggest thing to remember is to use just one cc for online purchases and nothing else. Easy to spot irregularities and cc company will do most of the work.

Btw, I received the $25 letter today.
 
MSU_BREW said:
Just picked up a chest freezer this weekend and was looking to do a dual tap system, I know where I won't be looking now. Additionally, I was looking to reorder NBs dead ringer ipa and black ipa for two of my friends to brew as they loved those beers...LHBS it is as it sounds like NB and MW are affiliated with each other.

I think emailing their customer service is a start to let them know why we won't be doing business with them. It also wouldn't be a bad idea to hit up twitter/Facebook and online reviews (especially google/yelp).
Click to expand...

Check out beveragefactory.com
 
Just got my letter for the broken sight glass i ordered. Dear Midwest GFY. Wife tore up my 25$ gift car code and filed it in the round file....
 
Hhhmmmm.... I've only ever ordered from MW once. That was back in January of 2012. I haven't had any issues.

However, my wife ordered me a couple stocking stuffer gifts from MW around Christmas time of 2012. In January, she was issued a new card and given the "unnamed merchant reported a breach" reason. Will we get to tear up a $25 coupon?

And I was just thinking one of their kits looked interesting to me. Guess I won't be buying that.

Also, anybody that isn't sure that MW and NB are virtually the same company should compare catalogs. Notice the Darkstar outdoor burner that NB introduced not long ago is now available through MW. Also, suddenly NB's website featured a 20 minute boil kit, and MW's catalog has a whole section of 20 min. boil kits.
 
I got hit too. There were 3, $1 charges and my bank called me right away and closed the card. One charge was to some surf shop in Australia and the other 2 were to Facebook. I never realized Midwest had anything to do with it until I saw this thread. I did not receive a letter either. I the end I didn't have to pay a dime, was without my credit card for a few days and spent a total of about 10 minutes in the issue. I have more than one credit card so I wasn't put out at all.
 
You know what gets me mad as heck, is MW was on another thread saying "NO, NO it's not us" when they knew it was them. Not only are they liars, but they refuse to come clean, up until they have no choice.
 
FYI, I know several people that work for midwest/northern brewer, and I worked there until recently, and can definitely confirm that they are owned and operated by the same company. They merged about 6 months ago and proceeded to merge management (read: fire people that were "redundant") and move order processing and customer service to northern's HQ. Local MW customer's will notice that they no longer have a shipping facility at their main retail location, because it is merged with NB.
 
tdogg said:
FYI, I know several people that work for midwest/northern brewer and can definitely confirm that they are owned and operated by the same company. They merged less than 6 months ago and proceeded to merge management (read: fire people that were "redundant") and move order processing and customer service to northern's HQ. Local MW customer's will notice that they no longer have a shipping facility at their main retail location, because it is merged with NB.
Click to expand...

Looks like the business registrations for Northern Brewer, LLC (Foreign) are inactive after being revoked in Feb 2013, according to the MN Sec of State office. Their state of organization is Delaware. There are no active business registrations for Northern Brewer in MN.

Midwest Supplies, LLC has a filing in March 2013 for a Foreign LLC organized in Delaware.

Something is going on here...

I should add that I was not affected by this but they screwed up my grain. One more chance to fix it and then I am done.
 
Got my lucky winner letter in the mail today from MW for my "card used in a transaction back in April 2013." Well, that's awesome. Was it my bank card, which has been canceled by my bank recently due to potential compromises, or my Discover card, which is still active? I found the letter less than helpful.

But hey, I got $25 I can spend online...at the same site that compromised my information...wait, um...uhh...

Seriously, MW did a half-ass job protecting customer information. We can bemoan this all we want on here (and rightfully so), but the best way to vote is with your wallets.
 
I just received my letter today. I heard about this a few weeks back and was wondering if I was possibly affected. Calling USAA tomorrow.

I was already a little peeved at Midwest after ordering rhizomes from them back in the Spring and having all of the Northern Brewer rhizomes have visible mildew on them and one of the 2 cascades being broken into 4 pieces. I only had one usable rhizome.

This fraud debacle is pretty lame. However, I am not going to give up on them... I am going to give them a chance to make this right. If they dont take further steps to handle this appropriately, they are written off.

What would I like them to do?

1-) Explain that, not only did they mess up with security, they messed up with the way they handled this situation. Then explain why there was a delay in their response. I don't care if lawyers told you not to. You could have at least sent out a sanitized alert telling people to be on the look out with more detailed info to follow. Put your lawyers and PR department in the same room.

2-) Offer 1 year fraud protection to all of those within the window of time for fraud. This might cost you a bit... It is the cost you pay. Maybe you have an insurance policy that will cover part of this?

3-) Explain, in detail, the steps you have taken to prevent this in the future.

This one is the biggest for me. I work in IT and security is a large part of what I do. Telling me it wont happen again is great. That is not good enough. Intrusion protection/notification, SSL encryption, etc. If you want, I can even offer my services. I am pretty good at what I do. Are you? That should be your goal.

As my favorite home improvement television host, Mike Holmes, says "Make It Right".
 
ProfSudz said:
Midwest and their customers were both stolen from. I'll burn down the correct hut when dealing out rage
Click to expand...

Not really, MW allowed for the info to be stolen. They personally did not loss anything from the stolen CC info, only the trust of their existing customers from THEIR own actions when dealing with this issue. I think it is more than justified to burn down MW (and NB) hut for this (figuretivily speaking of coarse:))
 
mattd2 said:
Not really, MW allowed for the info to be stolen. They personally did not loss anything from the stolen CC info, only the trust of their existing customers from THEIR own actions when dealing with this issue. I think it is more than justified to burn down MW (and NB) hut for this (figuretivily speaking of coarse:))
Click to expand...

Chris from northernbrewer emailed me that he deleted both my midwest and NB accounts upon my request so as everyone knows, they are one in the same.

Chris said this has been the hardest thing of his career but as someone that is involved in security, it was not only preventable but negligent in my opinion. I am sure Chris had no idea how insecure the website was but it is the job of the people up top to hire quality people who understand security. And in my vast experience, most developers don't think security first. It is an afterthought. That is why you need to hire people that focus on security.

I wouldn't be shocked to hear that midwest and NB also store your passwords instead of salting+hashing them. I don't know what they do but I would certainly be nervous about it.

The college pick'em football league that I developed myself was more secure than their website. Companies that store more than what is absolutely needed are asking for trouble and do not value their customers therefore do not deserve our business.
 
Everyone who says they're bailing on on MWS and NB, what have you done to ensure every other place you're doing online business with has top notch security?

Or, are you just assuming these other places are on top of it?
 
thatjonguy said:
Looks like the business registrations for Northern Brewer, LLC (Foreign) are inactive after being revoked in Feb 2013, according to the MN Sec of State office. Their state of organization is Delaware. There are no active business registrations for Northern Brewer in MN.

Midwest Supplies, LLC has a filing in March 2013 for a Foreign LLC organized in Delaware.

Something is going on here...

I should add that I was not affected by this but they screwed up my grain. One more chance to fix it and then I am done.
Click to expand...

Not sure of specifics but to this but many businesses form/incorporate thru Delaware, not sure why but it must be easier somehow.. I work for NYS & deal with business name amendments from time to time and many provide Delaware docs.

Sorry to derail the thread!
 
whoaru99 said:
Everyone who says they're bailing on on MWS and NB, what have you done to ensure every other place you're doing online business with has top notch security?

Or, are you just assuming these other places are on top of it?
Click to expand...

There are no guarantees but if companies understand that people will bail on them if they do not take security seriously, they have every reason to take it seriously.

Look, getting hacked happens. I am not pissed about the fact that midwest got compromised. I am pissed they did so many things wrong. They stored CVV numbers. That is a big time no-no. They denied they were compromised when there was a huge number of people telling them. It is the equivalent of sticking your head in the same. When they found out, they didn't let people know for 1.5 months.

And insult to injury was giving me a $25 coupon that would require providing them another credit card number. No thanks.

So yes, other companies might be as bad. And if other companies get compromised AND handle it this poorly, I will stop doing business with them.
 
My cc# got stolen by a local restaurant and someone bought $400 in gas in one day. I got nothing from the restaurant. My bank actually notified me about it and took care of the problem.
 
jleonar said:
So yes, other companies might be as bad. And if other companies get compromised AND handle it this poorly, I will stop doing business with them.
Click to expand...

That's half my point...other companies may be as bad. It just seems a bit hypocritical to take one's business elsewere, while acknowledging (or not considering) elsewhere may not have any better security than MWS (did).

The other half is taking measures to protect yourself. With the concern for online security, identity theft, etc. wouldn't it be wise to proactively check it out or change something (like use virtual CC numbers) rather than try to manage it after the fact?

As the old cliche goes, gotta look out for #1.
 
whoaru99 said:
That's half my point...other companies may be as bad. It just seems a bit hypocritical to take one's business elsewere, while acknowledging (or not considering) elsewhere may not have any better security than MWS (did).

The other half is taking measures to protect yourself. With the concern for online security, identity theft, etc. wouldn't it be wise to proactively check it out or change something (like use virtual CC numbers) rather than try to manage it after the fact?

As the old cliche goes, gotta look out for #1.
Click to expand...

You do have a very fair point, one that I can't deny is interesting to think about.

I'm placing an order today with Rebel Brewer, but before I order, I'm going to mention to them about this (I'm sure they already know), and ask if they store any of that info to a connected webserver, etc. I have full confidence that they are well-secured and that this won't happen, and I know for a fact that my card info isn't saved on the shopping front-end as I always have to re-enter my payment.

Regardless, folks, check your other supply stores and make sure you're safe there too. I'm sure a decent number of them use the same eCommerce system, but each one is unique.
 
I'm lucky in that I have a very well stocked & experienced LHBS less than ten minutes away. No issues w/ stored CC info and they're rarely out of stock on anything.
I did make a few purchases from NB early on but that's now going to come to an end.
 
whoaru99 said:
What more would you suggest they say at this point?
Click to expand...

I think we've been very clear about it.

1. Forget the $25 gift card -- nobody wants it. What we want is 6months to 1 year of fraud protection credit monitoring service. This is standard when a company gets hacked for CC's. Telling customers to simply watch out for fraud charges when it's not the customer's fault is a slap in the face.

2. We want a full explanation of what they've ACTUALLY done to prevent it in the future. At this point, they've essentially told us to simply trust them.


That's a good start. Something tells me you didn't read through this thread all the way.
 
I did read it, mostly, but what took most notice of is that lots of people seem to be jumping ship into potentially unknown waters, as I pointed out in my earlier post.

If that's the stuff you want then I suggest you contact them directly and ask for it.

Should it have been offered, straightaway? Yeah, probably, it should have been but it wasn't. I understand that's part of the point, but why not ask directly, rather than through a forum, if it's a concern. Worst they can say is "No".

This again goes back to looking out for #1. Make lemonade... :)
 

Similar threads

241
For Sale Gas HERMS HLT, Blichmann Stuff, Pump
Replies
8
Views
1K
muddyballz
M
D
4 * 5l Mini Keg Kegerator
Replies
5
Views
2K
draftvader
D
B
Sparkling Wines & Carbonation
Replies
2
Views
3K
ShellinTX
ShellinTX
Pappers_
Omega's Gene-Edited Super-Fruity Yeasts
Replies
3
Views
3K
TenaCJed
TenaCJed
S
response from grainfather management
Replies
37
Views
6K
augiedoggy
augiedoggy

Latest posts

Back
Top