Important Statement From Midwest Supplies

[stu4stew]

Bought from MW once, = fraudulent charges

consequently will never buy from MW (or it seems NB) again

 

[ECUmedford]

Found this gem of a news article about it from Esecurityplanet.com: http://www.esecurityplanet.com/network-security/midwest-supplies-suffers-data-breach.html

Love the commentary at the end:

It's not clear how the site was breached, what was done to resolve the situation, or what steps were taken to improve security for the future -- and no identity theft protection is being offered to affected customers -- instead, they're advised to monitor their credit card statements for unusual charges.

A couple of more articles if interested:
http://www.bizjournals.com/twinciti...09/hackers-strike-minnesota-home-brewing.html

http://www.scmagazine.com/home-brew...bsite-cracked-open-by-hackers/article/309556/

 

[2BeerSpeer]

This may not be related at all but in march I had 2 charges at Walmart.com that I thought was my wife but she says it wasn\'t. We have separate accounts so she would remember using my card...a couple weeks later I had a new card in the mail with a statement saying my acct had been compromised and \"several\" attempts made to fraud the acct. I made my 1 and only purchase from MWH last fall....

 

[ricewing]

I received my letter from MW today. $25 gift card? Ha
I\'ll be shopping elsewhere.

 

[ja09]

I received my letter today. My card was compromised for many hundreds.. and like everyone else, I'm ready to grab my pitchfork and head over there.

I've attached the letter if anyone's curious... and what a joke it is. They even have the balls to refer you to credit monitoring agencies without any reimbursement if you've already used your "one free report".

I'm local and have always had love/hate relationship with them, and have always suspected poor management due to their constant screw-ups and the terrible staff they hire that never knows anything & gives the worst advice (there are a couple good ones).

The only reason I've loved them in the past is because they regularly mark the wrong price on things and don't know what they're doing... i.e. selling ball locks in their store at $34 by accident (that was sweet), sending me a keg in the mail when I didn't even order one (even sweeter), giving me a new regulator for free because my old one had an issue, and the list goes on.

My guess for the reason Midwest is using the July 19th date is because that is probably the date they notified the major credit card companies about the breach. Part of PCI rules states that a company can be fined $100,000 for every day that they fail to report a known "potential breach" to the processors.

What further upsets me about this Attorney General letter is that only customers between June 13th and July 19th were confirmed compromised. My affected purchase was made in April but card was not charged until that week in July when a lot of you were hit with the same fraudulent charges. Again, the credit card processors can fine up to $100,000 per month that a breach goes uncured. I guess admitting to the February to June breach doesn't fit the company budget.

Interesting, but this isn't the case with my letter which states "May 4, 2013". The part that's really interesting is the card that was compromised was used with them only in 2012, and not any later.

All in all, this latest bit confirms my suspicions and experience that Midwest has very poor management (kudos David Kidd), and is probably not worth my time or money until they clean house, including you David.

 

[steveoc]

I got hit too. Credit Card company was right on it and immediately contacted me via multiple modes. I guess buying a $2000 ticket on Emirate Air was a little out of my normal behavior. Upon contacting me they immediately voided the card and sent a new one.

I guess I was not too badly impacted other than being rousted from bed and having to spend a half hour on the phone with a customer rep that I could barely understand.

I am underwhelmed by their $25 offer that I got in the mail today.

 

[the_trout]

I tell you what... if I owned another larges homebrew store based in the capitol of Texas Id be thinking long and hard about honoring my competitors gift certificates for the next month or so. Just sayin...

 

[nickmv]

I tell you what... if I owned another larges homebrew store based in the capitol of Texas Id be thinking long and hard about honoring my competitors gift certificates for the next month or so. Just sayin...

I don't know about that -- maybe a $10 discount if you provide your letter of compromise.

That same store you mentioned happens to have stopped offering lower prices for going AG for a lot of their kits (for seemingly no reason), and instead charges just as much for AG as they do extract. This isn't every recipe, but there are quite a handful that seem to be affected by this (ie. the newest IPA being promoted with the blue hop logo).

 

[ja09]

I was hacked for sure and I didn't receive any contact from MW over the weekend. My fraud charges happened over a weekend when I don't often check my online ledger and they got me for at least $2000 in charges which I am still currently on the hook for. I had to file a police report, then go back and pick it up to send to my bank after getting a form notarized. At least if I got the number lifted by a waiter at a restaurant, I'd know exactly who to punch in the face.

Bobby,

Not to sound like a dick, but would you be willing to share which credit card company or bank you're using? That's a little ridiculous and they should be called out for it.

ps. Love the sight glass and digital therm adapter. Two of the best brewing investments I've ever made. I will be ordering from you again in the future, and thank you for offering Paypal payments even though they're almost as big of a joke as Midwest, but at least their security is top-notch.

 

[Wrecked]

That same store you mentioned happens to have stopped offering any discounts on their all-grain kits, and instead charges just as much for AG as they do extract.

Are you sure about that? Just checked the pricing on some of my favorite kits and the prices are discounted for AG kits.

 

[nickmv]

Are you sure about that? Just checked the pricing on some of my favorite kits and the prices are discounted for AG kits.

Sure wasn't for the few I checked, and I had noticed before. Let me check again.

Edit: You are indeed correct sir. Even then, their kit prices are way above what they should be. It should be about the same as ordering the recipe's ingredients separately, but I commonly find $20 recipes to be $40-50 there, which is silly.

Now, my original statement still stands for some recipes, such as the newest IPA they're promoting -- no discounts for AG, which is just plain bad business. Regardless, this is going off-topic from what we're discussing -- Midwest being hacked and offering laughable apologies.

 

[Wrecked]

Sure wasn't for the few I checked, and I had noticed before. Let me check again.

Edit: You are indeed correct sir. Even then, their kit prices are way above what they should be. It should be about the same as ordering the recipe's ingredients separately, but I commonly find $20 recipes to be $40-50 there, which is silly.

Now, my original statement still stands for some recipes, such as the newest IPA they're promoting -- no discounts for AG, which is just plain bad business. Regardless, this is going off-topic from what we're discussing -- Midwest being hacked and offering laughable apologies.

Agreed on several of your points. Now back on topic, cheers.

 

[jasoncongo]

I'm new to this site. Long story short, I'm going to take the gift card, spend most of it (not enough to need to add a new cc) then take my future business elsewhere and send them a note as to why.

 

[tborow]

All I see in their eyes is pi π.

Nothing says sorry like starting a thread and never coming back to it. I really hope that since MidWest and Northern Brewer are 2 separate sites...they have 2 different security practices. NB being better. I have had no issues with them thus far

 

[Ridire]

I got my notice via USPS today. I think I've only bought from MW once ever...two fraudulent charges on my card resulted. My bank caught it right away and dealt with it at no cost to me. Pain in the ass to be without my card for a week but not the end of the world.

 

[autonomy]

I was hacked for sure and I didn't receive any contact from MW over the weekend. My fraud charges happened over a weekend when I don't often check my online ledger and they got me for at least $2000 in charges which I am still currently on the hook for. I had to file a police report, then go back and pick it up to send to my bank after getting a form notarized. At least if I got the number lifted by a waiter at a restaurant, I'd know exactly who to punch in the face.

Hm, that sounds like a lot of hoops to jump through. IANAL, but usually you're only liable up to $50 with a card.

I just got this letter - I had an unauthorized charge show up over the July 4th weekend, and then the same exact charge about a month ago. I was blaming a sketchy parking lot attendant, but I guess now this explains where the charges really came from. AmEx refunded both within days.

Monitor your statement weekly, or even better, set up charge alerts - if your CC company is anywhere close to the 21st century, they should offer them. If not, set up a Mint.com account. I get emails for anything over $10, too bad I can't dispute any pending charges until they post.

As far as Midwest... well, at least they bothered to send a letter. I figure this stuff happens a lot these days, I even had my card cloned in person.

Now, can someone tell me what kind of identity theft is possible with the information that was stolen from Midwest (address/name/CC #)? It's not like someone can open another CC account in my name without my birthdate and SSN, right? Though I suppose they could steal that from somewhere else.

 

[nickmv]

Nothing says you're NOT sorry like starting a thread and never coming back to it.

Fixed that for ya.

 

[tborow]

Fixed that for ya.

Thanks, I was definitely trying to be sarcastic.

 

[The542]

Hmm, so the official letter came in the mail today. Didn't realize I was in the affected timeframe. So Midwest is on my "do not buy" list. I can't believe how long it took them to respond to something that went as far back as March.

 

[Face Eater]

The worst part of this for me was that this happened to me on an order that took a month to ship it to me and then still missed items in my order. Phone call after phone call. Seen the posts online for people having fraudulent charges after Midwest orders. Then it hit me with a 680 dollar charge from Macy's.
Luckily Macy's denied the order and I got a letter in the mail from them staying they information didn't match and it never posted on my American express. Sucked because I had to cancel the card and get a new one which still wasn't the worst part. Then I had to waste more of my time changing all of the things I had that card linked for auto payments.

An awful experience all around from start to finish. Not the first time this had happened to me but first from Midwest. Glad this time it wasn't my bank card. So much wasted time on an order and more wasted time trying to clean up the aftermath.

 

[Rhumbline]

Now, I'm not hoisting anyone's flag here, but in the interest of fairness I'll point out that in the past month I've, for the first time in 20 years, gotten fraudulent charges on my card.

I have never ordered from Midwest, nor from Northern.

All I'm saying is that the issue might be bigger than just this one merchant.

That does not excuse any failure on the merchant's part to protect the client or to act appropriately.

 

[Cathedral]

Now, I'm not hoisting anyone's flag here, but in the interest of fairness I'll point out that in the past month I've, for the first time in 20 years, gotten fraudulent charges on my card.

I have never ordered from Midwest, nor from Northern.

All I'm saying is that the issue might be bigger than just this one merchant.

That does not excuse any failure on the merchant's part to protect the client or to act appropriately.

Wait--are you implying that homebrewers in general are being targeted by an anonymous group of malicious black hats?

 

[Rhumbline]

Just remember, even paranoid people have enemies!

In my case, I'm pretty sure it was an online purchase from a retailer unassociated with brewing. Just saying that there may have been a recent spate of attacks on the second tier folks.

Happy brewing

 

[MSU_BREW]

Just got my letter this morning, I guess that explains the fraudulent charges I had in July/August.

I just went to try this promo code out to see if I could even purchase a kit, too bad $25 is not enough to cover a kit! Additionally, I tried to just purchase some hops to keep it well under $25 with shipping and it appears the code doesn't even cover shipping! Wow, so I have to pay $8 after getting bent over by Midwest, I will no longer order from there. What a joke.

 

[jakenbacon]

Now I know why I received a new bank card in the mail recently. Thanks Midwest!!!

 

[aiptasia]

We got their letter today with the coupon code. The card the crooks got from us was issued by Amazon (citibank) and the Wife had made exactly three purchases with it prior to it being red flagged by citibank. Two of the purchases were on Amazon, and one was Midwest. Didn't take long to figure out where the breach occurred. There were two charges that clued off citibank, a $1.00 charge (to see if the card was valid) and an attempted $500 or so purchase out of CA to a Sears if I remember correctly. Neither charge was honored by citi and they had us a new card in a few days.

I don't get sandy about online fraud, it's why we had the dedicated online Amazon credit card to begin with (including some amazon perks like prime, etc.). What does make me sandy is the way Midwest handled the whole debacle and the time it took to rectify the situation. Seems like since the company was sold and their logistics are being merged with NB's, there's some internal trouble at Midwest in customer satisfaction, order fulfillment and fraud prevention.

Sad thing is, it's going to take a lot for Midwest to recover from a PR black eye. Knowing that NB is the new proud poppa... it's making Austin, Morebeer and Williams look like the best online options. Heck, just shop at your LHBS.

 

[passedpawn]

Just got my letter this morning, I guess that explains the fraudulent charges I had in July/August.

I just went to try this promo code out to see if I could even purchase a kit, too bad $25 is not enough to cover a kit! Additionally, I tried to just purchase some hops to keep it well under $25 with shipping and it appears the code doesn't even cover shipping! Wow, so I have to pay $8 after getting bent over by Midwest, I will no longer order from there. What a joke.

You were not "bent over by Midwest". They did not steal your CC info and use it to buy stuff at Walmart. That was someone else.

I'm not going to defend MW in the way they handled this situation, but it's important to remember that they were not the criminal here.

 

[MSU_BREW]

You were not "bent over by Midwest". They did not steal your CC info and use it to buy stuff at Walmart. That was someone else.

I'm not going to defend MW in the way they handled this situation, but it's important to remember that they were not the criminal here.

Fair enough, although if Midwest's lack of security enabled thieves to steal my CC information (and rack up fraudulent charges), that doesn't go over well in my book. I purchased from Midwest on may 31, and the fraudulent charges were in mid July. If Midwest had any idea that there was security issues, they could have let us know so we could take preventive action. That was nearly 2 months that the person could have had my data, who knows what they have done with it or what they can do with it.

It sounds like standard protocol is to purchase identity theft protection for their victims/customers, but apparently a $25 promo code is enough to satisfy us.

 

[MSU_BREW]

You were not "bent over by Midwest". They did not steal your CC info and use it to buy stuff at Walmart. That was someone else.

I'm not going to defend MW in the way they handled this situation, but it's important to remember that they were not the criminal here.

Additionally, for me to take advantage of this "apology offer" I would need to use a credit card to cover the shipping! Sure, let me give MW another CC to have more fraud on my account!


I can't even purchase something for like $10 plus $8 shipping (keeping the total under $25) because apparently the code doesn't apply to shipping. (From what I could tell at least).

 

[Taz420NJ]

And to think I was just the other day going to order some fittings and stuff from them.. Glad I didn't..