Important Statement From Midwest Supplies

[WileECoyote]

1. Why did you take 1.5 months to notify ANY customers? I don't care what the circumstances are with your investigation, there is no excuse for 1.5 months delay for such an announcement. Honestly, that kind of delay for something that occurred way back in June should be downright illegal. I understand you need to consult with professionals on this matter, but you have a duty to notify customers in a timely manner. You put their CC's and accounts at risk with that move. Until you provide some sort of insight into WHEN you contacted CC companies, and what their actions were in response, I'm going to assume that doing such a thing had little to no effect, as customers continued to post that their CC's were stolen for quite a long time after the reported incident date (seen here).

2. Despite your efforts to mitigate the situation, your response didn't quite hit the mark. A $25 gift card? You SHOULD be offering fraud protection service (credit monitoring) to each and every one of these customers. That's the standard for compromised cards nowadays, at least from the past 2 experiences I've had. Somehow a $25 GC doesn't seem to instill any lost confidence from what happened.

Additionally, simply telling customers basically "trust us we fixed it" in no way will solve your problems. The lack of transparency about what's transpired, combined with dodgy responses and downright denials over the past months, shows that you're still hiding something (namely that you REALLY messed up and didn't follow compliance regulations, held onto customers' CC #'s without permission, and more), and will only hurt you further.

+1 This ^

MidWorst strikes again.

Cheers

 

[opus345]

I have had the Chase card number stolen and used a couple times. Chase is pretty good. Called and asked if I made these out of the norm charges, etc. This will happen when you shop online.

I have also had my data stolen when Monoprice was hacked. Monoprice's story sounds much like MW, except Monoprice did buy a year of Identity Theft Insurance for those who had ids stolen. Gotta say that MW response is not going to win them back any impacted customers. They could be thinking that there is no bad publicity. Hey, when the TJ Maxx breach happened and it was in the media, sales shot up for a period of time. TJ Maxx? Hey, I need new socks! But then TJ Maxx had to pay.

As you can see at the Privacy Rights Clearinghouse, MW is not alone (and those are only the ones reported/discovered).
http://www.privacyrights.org/data-breach/

Some other breach blogs:
http://www.usdatacorporation.com/info/2011/10/13-embarrassing-data-breaches/
http://www.scmagazine.com/the-data-breach-blog/section/1263/
http://www.databreaches.net/category/breach-reports/page/3/
http://www.esecurityplanet.com/network-security/midwest-supplies-suffers-data-breach.html

 

[ktblunden]

Midwest has handled this horribly from the start. For starters, they mishandled customers' information. Then they denied any culpability when a thread was posted in June, despite already knowing they had had a breech. Then they waited over a month to notify customers who may have been affected. Then they chose to make the announcement on a message board in the middle of a long weekend so it would get less attention. Finally, they are not offering identity theft insurance to those who had their information stolen due to MW's mishandling, but instead offer a GC, essentially requesting you trust them with your information again. I've only ordered a couple times from them, but I will definitely not be ordering from them ever again and will go out of my way to warn others that they will do the bare minimum to protect your info and then tell you to your face that they had nothing to do with it being stolen.

 

[butterpants]

Well it looks like I won't be ordering from Midwest anytime soon. Sucks for you.

YOUR FAILURE TO PREPARE HAS CAUSED AN EMERGENCY ON OUR PART.

no bueno

HAXXOR TEH GIBSON

 

[libeerty]

The only way to protect ourselves in the future from this type of crap is for people like me, who were not affected, to decide not to do business with Midwest. That way, the calculus changes the next time around and a vendor will decide that waiting nearly 3 months to talk about it is a BAD business decision.

I really think the lawyer who gave them the advice to keep quiet did a bad job as part of his/her job is to consider the client's financial interests as well. I really think they miscalculated the repercussions of this..

 

[BrewerinBR]

The only way to protect ourselves in the future from this type of crap is for people like me, who were not affected, to decide not to do business with Midwest. That way, the calculus changes the next time around and a vendor will decide that waiting nearly 3 months to talk about it is a BAD business decision.

I really think the lawyer who gave them the advice to keep quiet did a bad job as part of his/her job is to consider the client's financial interests as well. I really think they miscalculated the repercussions of this..

+1
As far I know I was not impacted but I have cancelled my account and will not do business with them again.

 

[unkempt]

+1
As far I know I was not impacted but I have cancelled my account and will not do business with them again.

How did you go about canceling your account im looking for the section and cant find it thanks

 

[FuzzeWuzze]

I love the first world problems here: "blood money", "inconvenience while on vacation", etc.

There are two types of people who shop on-line: those who have had their info hacked and those who will.

If you're gonna shop online, make sure it is with a company with a good fraud policy.

If you don't want to risk it, just take some gold down to your LHBS, or better yet: grow your own barley and hops.

With that said, I hope midwest learned their lesson by ignoring those who posted here originally in a very respectful manner saying "hey Midwest, a bunch of customers have been hacked; might want to check it out." And responding with "thanks, but it isn't us."

The thing is, there are actual laws for this stuff when it comes to credit card security. For example when the law states you cant have the information accessible to the internet, you can just turn off that port externally. Technically that's following the letter of the law, not the spirit of the law. Realistically any security expert would tell you a 12 year old with scripting tools could get in without issue.

Although to me if the data was available in plain text somewhere, im pretty sure it was just downright illegal, which is why they hired legal representation. I would expect some pretty harsh penalties for them from the government for being so willy nilly with peoples private data.

Yes you shop online you lose some security, but MANY MANY websites get hacked and customer data revealed. But because the data is encrypted none of the data is actually useable by the criminals unless they have dozens of years to decrypt the keys, by which point the cards arent even valid anymore anyways. The main difference here is i guess you could say the utter disregard for their customers private data.

 

[emjay]

The thing is, there are actual laws for this stuff when it comes to credit card security. For example when the law states you cant have the information accessible to the internet, you can just turn off that port externally. Technically that's following the letter of the law, not the spirit of the law. Realistically any security expert would tell you a 12 year old with scripting tools could get in without issue.

You sound like you know way less about computers than you'd like to sound. Nonsense.

I'd like just one person to conclusively demonstrate that they've actually broken any laws. Heck, the might not even be required to comply with PCI guideline depending on their annual sales.

 

[unkempt]

You sound like you know way less about computers than you'd like to sound. Nonsense.

I'd like just one person to conclusively demonstrate that they've actually broken any laws. Heck, the might not even be required to comply with PCI guideline depending on their annual sales.

http://www.pcicomplianceguide.org/pcifaqs.php

Q: To whom does PCI apply?
A: PCI applies to ALL organizations or merchants, regardless of size or number of transactions, that accepts, transmits or stores any cardholder data. Said another way, if any customer of that organization ever pays the merchant directly using a credit card or debit card, then the PCI DSS requirements apply.

 

[emjay]

My bad, I misunderstood it reading the validation requirements. Smaller merchants don't have any except those required by their bank.

Still, I'd like to see proof of anything illegal.

 

[unkempt]

My bad, I misunderstood it reading the validation requirements. Smaller merchants don't have any except those required by their bank.

Still, I'd like to see proof of anything illegal.

Yea i wasnt saying anything illegal has happened (I dont know how they stored the data nor does any1 other than the hackers and the company), but they are all required to follow the guidelines no matter their size, thats all i was posting about

 

[nukebrewer]

http://www.pcicomplianceguide.org/pcifaqs.php

Q: To whom does PCI apply?
A: PCI applies to ALL organizations or merchants, regardless of size or number of transactions, that accepts, transmits or stores any cardholder data. Said another way, if any customer of that organization ever pays the merchant directly using a credit card or debit card, then the PCI DSS requirements apply.

There's also this one:

Q: What if a merchant refuses to cooperate?
A: PCI is not, in itself, a law. The standard was created by the major card brands such as Visa, MasterCard, Discover, AMEX, and JCB. At their acquirers/service providers discretion, merchants that do not comply with PCI DSS may be subject to fines, card replacement costs, costly forensic audits, brand damage, etc., should a breach event occur.

For a little upfront effort and cost to comply with PCI, you greatly help reduce your risk from facing these extremely unpleasant and costly consequences.

So it's not really a law, but it forces merchants to comply or risk costly and damaging actions to continue doing business with the CC service providers.

 

[russki]

Rest assured that if you were not contacted you were not among the customers impacted.

Very interesting... I placed an order through Midwest in June, and then had fraudulent charges on my CC (luckily Chase blocked them). Have not received anything from Midwest as stated.

Have these notifications been made over email or snail mail?

 

[Dirty25]

I had over $1000 of fraudulent charges made on my card after a Midwest order. Thankfully my bank is awesome and canceled the card after the $1000 charge there were 3 pending charges that didn't go through. All my money was returned given back to me from the bank...Midwest where is my notification and $25 gift card????

 

[NewWestBrewer]

Even though I was not impacted, fortunately my LHBS is a one minute walk from my house, a $25 GC is absolutely appalling. It should have been a min $100 with fraus protection for those who were affected. Today's world is about service. Too many choices to deal with poor service and judging by the responses on here today, Midwest is going to learn a valuable lesson.

 

[Randy_Bugger]

 

[ShootsNRoots]

Couple questions for Midwest Supplies:

1.) How are you determining who was affected by this?
2.) How are you notifying those affected?
3.) How are you giving the $25 credit?

( I believe I was affected but have not received any notification. )

 

[wsender]

Got this PM from Midwest. More kicking the can and overall lameness. I really wish Midwest would just discuss this out in the open. The overall lack of public disclosure is what most people are mad about.

We are sorry that our original post did not answer all of your questions, but please feel free to contact us, and we can answer any questions that you might have directly. We are closed today for the Labor Day holiday, but we will be in the office at 10 – 7 M-F and 10 – 5 Sat and 11 – 5 Sun. You can contact us by phone at 888-449-2739 or by email at [email protected]

I'd still like to see a public reaction on how they plan to change their actions in the future to prevent this from happening again.

 

[nickmv]

Got this PM from Midwest. More kicking the can and overall lameness. I really wish Midwest would just discuss this out in the open. The overall lack of public disclosure is what most people are mad about.



I'd still like to see a public reaction on how they plan to change their actions in the future to prevent this from happening again.

I got the same message. My response -- if they want to talk about details, they can say it to ALL OF US.

 

[MicroBrewMaster]

Bump don't want this falling to the bottom

 

[ObsidianJester]

Midwest has handled this horribly from the start. For starters, they mishandled customers' information. Then they denied any culpability when a thread was posted in June, despite already knowing they had had a breech. Then they waited over a month to notify customers who may have been affected. Then they chose to make the announcement on a message board in the middle of a long weekend so it would get less attention. Finally, they are not offering identity theft insurance to those who had their information stolen due to MW's mishandling, but instead offer a GC, essentially requesting you trust them with your information again. I've only ordered a couple times from them, but I will definitely not be ordering from them ever again and will go out of my way to warn others that they will do the bare minimum to protect your info and then tell you to your face that they had nothing to do with it being stolen.

This to me was a big point. I'm a local customer so I've been dubious and due to their piss poor customer service. Try walking in there and having zero employees being able to answer your questions other than, "Uh I think so but I really don't know but this should work" Seeing a sign posted for no firearms allowed and turning around because of it and having someone passing out insulting you for that is also pretty awesome too. Oh, and the fact that if they suspected they were hacked and taking months to respond?

Who does that in today's technical world? Why is there only an email going out by snail mail? I just checked all the folders of the two email accounts I commonly use and would have used with that site and there is a simple notification of my midwest points my expire.

Perfect.

**** goes down sometimes. That is not really acceptable but things at times happens. When the .gov can inform me as a Veteran I've had things compromised and that is swifter than Midwest there is something wrong with that.

This does explain all the flip outs my bank has had of recent however.

Thank you Midwest, you're service and notification on a long weekend is a peach.

Northern Brewer If you are associated with this travesty I will take my money elsewhere. I would be curious to see as to how this unfolds, while I like having Northern Brewer as my Local Brew Store for convince sake since it is on my way past if there is any truth to this association or any possible linking of troubles if it is true I will decide to fight traffic and have things drop shipped to my house.

Really who is in charge of this travesty should take a lesson in customer service, but then again we are apparently but a few on the internet. Midwest has little to no care about things since this is released on a long weekend.

Bravo Midwest for being behind the 8 ball, or perhaps it is bravo for doing such things on a long weekend so that most folks miss it.

Bravo.

 

[Littlejoe]

They said "It's not us" didn't they! They didn't say we're investigating this! they told us flat out NO it's not US!

As far as their $25 GC If I'm one of the lucky ones to get one I'll tell them where to put it. I put my last order in to Midwest They won't get any more of my business.

 

[Trail]

Since there are a lot of misconceptions about the security of online shopping, as well as what Midwest could have done, let me ruminate briefly as a professional developer, including of eCommerce software:

1) Midwest should not have stored CC details.
This is true. Storing details is generally a Bad Thing (TM), and they should get nailed to a tree for storing this payment information when the box to do so is unchecked.

2) If Midwest hadn't stored payment details, this wouldn't have happened.
This probably isn't accurate. It's often not obvious that you've been hacked until the credit card fraud inquiries start rolling in. During this period, between when the breach is made and the breach is closed, the attacker can harvest even unstored details by altering the checkout system to divert the private data to permanent storage.

3) If Midwest had stored these details on a machine that didn't face the Internet, this wouldn't have happened.
Maybe, if the intrusion had been caught immediately before any transactions were made on the compromised system. Their response does not give me confidence that this was caught quickly.


In terms of their response, it's absolutely unacceptable. They were either lying when they said it hadn't happened to them when individual customers complained, or they're lying now when they say that they've been working on this for months... either way, they're liars with your billing information and it's been kept quiet for far too long. To hell with this company and up with the LHBSes.

 

[BigdogMark]

I'm going to assume those that are claiming they were affected by this issue did not choose to save a credit card in their Midwest account. My account has no cards saved. If you did, you chose to bypass the PCI requirements for the sake of convenience. Convenience breeds failure. However, as others have mentioned, cards don't have to be stored for a problem to occur. If the order system has been tampered with it is a simple thing to redirect a copy of information to somewhere else.

One thing missed in all this talk is software maintenance. We may overlook the compare after backup feature in our backup software, but one of the best uses for that feature is to maintain a baseline for comparison of your applications. Unless you are doing adds and changes, the app shouldn't be changing. If it has changed from your last good copy after an install or upgrade, someone has been messing with your code and you have a problem. As a system administration consultant, very few of the clients who engage my services are taking these simple precautions. But I'm preaching to the wrong audience.

All that having been said, Midwest certainly should have handled this better, and in a more timely manner. I had this happen at an internet company I owned years ago. The crack occurred at the settlement bank, not our facility or equipment but that didn't matter. The main difference was I was informed by the processor within two (2) hours of their awareness, and we informed our customers immediately, all of them through a mass emailing. The processor bore the cost of closing accounts and re-issuing cards. We were a very small company among many across the nation affected, and it was handled well. The same sort of thing should have happened in this case.

 

[mattd2]

Just found this gem - http://doj.nh.gov/consumer/security-breaches/documents/midwest-supplies-20130827.pdf
Goes to say they received preliminary info on July 19. The first post on here was July 7 and in a later post that (or the next) day the OP confirmed his dad had contacted Midwest about it.
Is Midwest lieing to the Attorny General now?

 

[raysmithtx]

The last sentence of the first page says "The company does not store credit card information." If that's the case then how can I order using my previous credit card info?

The conflicting statements and the initial denial by Midwest followed by an extremely slow response is enough for me to say "I'm done with them".

 

[disney7]

Just found this gem - http://doj.nh.gov/consumer/security-breaches/documents/midwest-supplies-20130827.pdf
Goes to say they received preliminary info on July 19. The first post on here was July 7 and in a later post that (or the next) day the OP confirmed his dad had contacted Midwest about it.
Is Midwest lieing to the Attorny General now?

That is very interesting and is much more information than they bothered to give us here.

That letter to the AG in NH makes it sound like they are only informing New Hampshire residents. I'm fairly certain my card fraud was a result of doing business with MW and I haven't seen anything yet in TN. Of course, the letter may not have had time to get here yet.

My best guess would be that MW is in fact not storing CC info. The letter to the AG says their site was compromised and software was installed that intercepted CC info that was entered on their site and sent it to the bad guys. Usually such things are a result of server software that isn't kept up to date. It can also be due to misconfiguration. You can also have what are called zero day vulnerabilities, which are exploitable issues that have just been discovered and the software vendors have not had time to come out with a patch to correct them. Sometimes the good guys figure those out first and sometimes the bad guys do.

 

[disney7]

The last sentence of the first page says "The company does not store credit card information." If that's the case then how can I order using my previous credit card info?

The conflicting statements and the initial denial by Midwest followed by an extremely slow response is enough for me to say "I'm done with them".

They've explained this. The first time you enter your info the processing center creates a token and the token is stored with MW. From then on, the token is sent to the processing center.... they know what credit card it represents and use it.

From my understanding, if someone else were to obtain the token they wouldn't be able to use it because the token is only acceptable for use between MW and their processor.

 

[ghoti]

I find it funny you think so highly of your customers less than 15 bucks (we know you mark up your products around 50%). I for one will never be a customer at a company that treats their customers like this. You should be offering credit protection for all those customers as it is your fault they will need to go through the hassle of canceling their credit cards. From one brewer to another, piss off.

 

[Randy_Bugger]

I ordered from MW once about five years ago. Now I'm going to have to cancel my credit cards, change my name and move to another state!

 

[ShootsNRoots]

From my understanding, if someone else were to obtain the token they wouldn't be able to use it because the token is only acceptable for use between MW and their processor.

Credit card tokenization isn't secure if the server isn't secured.

http://pages.cs.wisc.edu/~lorderic/webpage/tokenization-crack.pdf

What really ticks me off is that AG letter where the venomous snake lawyer wrote 'did not find conclusive evidence from Feb to Jun.'

Sounds like they're trying to weasel their way out of more liability by only claiming liability for one weeks worth of fraud.

I haven't ordered from Midwest since February when my first card was compromised and won't order from them ever again.

 

[Bobby_M]

I was hacked for sure and I didn't receive any contact from MW over the weekend. My fraud charges happened over a weekend when I don't often check my online ledger and they got me for at least $2000 in charges which I am still currently on the hook for. I had to file a police report, then go back and pick it up to send to my bank after getting a form notarized. At least if I got the number lifted by a waiter at a restaurant, I'd know exactly who to punch in the face.

 

[FermentusMaximus]

I've made all my purchases with Midwest indirectly through Amazon. Seemed a little safer that way.

 

[kh54s10]

Thankfully, I have always found MW prices to be too high so I have never ordered from them. I now doubt that I ever will.

Their handling of the situation has been despicable from start to present.

 

[Hello]

I love the first world problems here: "blood money", "inconvenience while on vacation", etc.

There are two types of people who shop on-line: those who have had their info hacked and those who will.

If you're gonna shop online, make sure it is with a company with a good fraud policy.

If you don't want to risk it, just take some gold down to your LHBS, or better yet: grow your own barley and hops.

With that said, I hope midwest learned their lesson by ignoring those who posted here originally in a very respectful manner saying "hey Midwest, a bunch of customers have been hacked; might want to check it out." And responding with "thanks, but it isn't us."

In this day shopping online shouldn't be a "your information will be hacked or it has been hacked" situation. There are controls in place and if they're not in place, there should be controls in place to prevent this from happening. Having your information hacked by shopping online should be a rare occurrence.

Notwithstanding, having never ordered from this company but seeing the thread when it was posted, I was really thinking they did wrong here. In searched MW I found that folks were drawing concerns early on and for MW to publicly say it wasn't them is appalling.

Midwest has handled this horribly from the start. For starters, they mishandled customers' information. Then they denied any culpability when a thread was posted in June, despite already knowing they had had a breech. Then they waited over a month to notify customers who may have been affected. Then they chose to make the announcement on a message board in the middle of a long weekend so it would get less attention. Finally, they are not offering identity theft insurance to those who had their information stolen due to MW's mishandling, but instead offer a GC, essentially requesting you trust them with your information again. I've only ordered a couple times from them, but I will definitely not be ordering from them ever again and will go out of my way to warn others that they will do the bare minimum to protect your info and then tell you to your face that they had nothing to do with it being stolen.

With respects to the long weekend posting, I have a strange feeling that they did this thinking it would garner some kudos from the community for their attempt to notify customers in spite of the long holiday weekend. The cynic in me thinks this was a play on their part and nothing more.

Well it looks like I won't be ordering from Midwest anytime soon. Sucks for you.

YOUR FAILURE TO PREPARE HAS CAUSED AN EMERGENCY ON OUR PART.

no bueno

HAXXOR TEH GIBSON

Even if they were PCI compliant this could have happened. It appears they were not and somewhat more importantly, their behavior when customers who have likely spent a fair amount of money on supplies from their site expressed concerns, is unforgivable. I will be surprised if they come out of this healthy.

The only way to protect ourselves in the future from this type of crap is for people like me, who were not affected, to decide not to do business with Midwest. That way, the calculus changes the next time around and a vendor will decide that waiting nearly 3 months to talk about it is a BAD business decision.

I really think the lawyer who gave them the advice to keep quiet did a bad job as part of his/her job is to consider the client's financial interests as well. I really think they miscalculated the repercussions of this..

They claimed they hired a lawyer who specializes in this type of intrusion. I have to say, I question that because like you, they should have been advised instantly to notify customers.

Very interesting... I placed an order through Midwest in June, and then had fraudulent charges on my CC (luckily Chase blocked them). Have not received anything from Midwest as stated.

Have these notifications been made over email or snail mail?

I read on reddit that someone received a letter via post.

Couple questions for Midwest Supplies:

1.) How are you determining who was affected by this?
2.) How are you notifying those affected?
3.) How are you giving the $25 credit?

( I believe I was affected but have not received any notification. )

Based on the below, perhaps they did only notify NH residents. Who knows, they need to respond asap. Also, the $25 is a gift card so you can spend it on their store. They lose absolutely nothing here unless customers stand their ground and take their business elsewhere.

Just found this gem - http://doj.nh.gov/consumer/security-breaches/documents/midwest-supplies-20130827.pdf
Goes to say they received preliminary info on July 19. The first post on here was July 7 and in a later post that (or the next) day the OP confirmed his dad had contacted Midwest about it.
Is Midwest lieing to the Attorny General now?

They best hope that they didn't lie to an AG about the intrusion and they better hope they're not messing with the New Hampshire AG. NH does not mess around at all. Although little, their reach is far and NH will stop at nothing to ensure their consumers are protected.

I will say what everyone else is saying, MW needs to think less about offering a gift card that is to be spent on supplies from their store and offer fraud monitoring for at least 12 months. Customers who were affected can put a fraud alert on their credit profiles (start with Experian) and as a victim of fraud, you're entitled to two free credit reports a year. If the information obtained from MW did not include SSN or anything that could allow someone to use your identity then the fraud alert may not be necessary. MW should provide a Visa gift card so that the funds could be used by affected consumers to order a credit report instead of using their one free one a year. If someone says my information was stolen because proper controls weren't in place then hands me a way to order more crap from their site, I too would be pissed. I don't call this a "first world problem at all."

 

[mrwizard0]

I was hacked for sure and I didn't receive any contact from MW over the weekend. My fraud charges happened over a weekend when I don't often check my online ledger and they got me for at least $2000 in charges which I am still currently on the hook for. I had to file a police report, then go back and pick it up to send to my bank after getting a form notarized. At least if I got the number lifted by a waiter at a restaurant, I'd know exactly who to punch in the face.

I think if everyone who gets a $25 GC to Midwest was to send it to bobby, he would still be out a lot. I am curious how many people are going to get one. If anyone does get a letter/GC they should post it so we know how many people they think got hacked

 

[ECUmedford]

Just found this gem - http://doj.nh.gov/consumer/security-breaches/documents/midwest-supplies-20130827.pdf
Goes to say they received preliminary info on July 19. The first post on here was July 7 and in a later post that (or the next) day the OP confirmed his dad had contacted Midwest about it.
Is Midwest lieing to the Attorny General now?

Unbelievable. I am the original poster that brought this situation to light on July 6th (same day my Dad called Midwest) and was in contact with Midwest multiple times until they made a public statement on this board on July 8th:

After thoroughly investigating the concerns in this thread, we do not believe they were related to purchases made at Midwest Supplies

My guess for the reason Midwest is using the July 19th date is because that is probably the date they notified the major credit card companies about the breach. Part of PCI rules states that a company can be fined $100,000 for every day that they fail to report a known "potential breach" to the processors.

What further upsets me about this Attorney General letter is that only customers between June 13th and July 19th were confirmed compromised. My affected purchase was made in April but card was not charged until that week in July when a lot of you were hit with the same fraudulent charges. Again, the credit card processors can fine up to $100,000 per month that a breach goes uncured. I guess admitting to the February to June breach doesn't fit the company budget.

I only posted this situation on this public forum because Midwest was the only shared vendor that made sense when both My dad and I had eerily similar fraudulent charges within the same few days. Several other posters quickly came forward with similar situations yet within hours the Midwest team determined it was not them. There was even a poster named "Varaflame" who referenced the company I worked for and attacked the site for not having a security certificate (doesn't need one since it does not accept payments). I had given Midwest my employers information to call me there so I'm pretty sure Varaflame was a Midwest employee which is why I refused to contact them again regarding the situation. If they want to discuss the situation....I felt they needed to discuss it with everyone on this forum. They did a pretty horrific job of that.

Within a couple of weeks 30+ people came forward and then the thread was shut down by moderators. I just want it known to the moderators that by shutting down that thread other members were not able to come forward and I don't think that is right.

Attorneys and CEOs make horrible public relations professionals. Midwest could have handled this in a way that I would have remained a customer, but they drove me away.

 

[passedpawn]

I just want it known to the moderators that by shutting down that thread other members were not able to come forward and I don't think that is right.

Seems we did shut it down prematurely, but by that time it was mostly bickering among members, not new information. I did go back and add a link to the end of that thread pointing to this thread.

 

[unionrdr]

Once again,this is why I use paypal whenever a site offers it. Midwest does...more recourse for me & no hacked cards.