Important Statement From Midwest Supplies

[whoaru99]

So yes, other companies might be as bad. And if other companies get compromised AND handle it this poorly, I will stop doing business with them.

That's half my point...other companies may be as bad. It just seems a bit hypocritical to take one's business elsewere, while acknowledging (or not considering) elsewhere may not have any better security than MWS (did).

The other half is taking measures to protect yourself. With the concern for online security, identity theft, etc. wouldn't it be wise to proactively check it out or change something (like use virtual CC numbers) rather than try to manage it after the fact?

As the old cliche goes, gotta look out for #1.

 

[Randy_Bugger]

This won't prevent me from reading the Midwest catalog while I'm on the can.

 

[Valentini]

This is humorous. A job listing for a VP of IT/eCommerce at Northern Brewer on July 25th. Also confirms the merger of Midwest and NB. Talks about David Kidd (he's an Eagle Scout but apparently didn't get the data security merit badge).

He raved about the outgoing CIO.

I assume the job's been filled. Nice firestorm that person just walked into.

http://ecommercejobs.com/2013/07/northern-brewer-seeks-a-vp-of-it-ecommerce-st-paul-mn.html

 

[nickmv]

That's half my point...other companies may be as bad. It just seems a bit hypocritical to take one's business elsewere, while acknowledging (or not considering) elsewhere may not have any better security than MWS (did).

The other half is taking measures to protect yourself. With the concern for online security, identity theft, etc. wouldn't it be wise to proactively check it out or change something (like use virtual CC numbers) rather than try to manage it after the fact?

As the old cliche goes, gotta look out for #1.

You do have a very fair point, one that I can't deny is interesting to think about.

I'm placing an order today with Rebel Brewer, but before I order, I'm going to mention to them about this (I'm sure they already know), and ask if they store any of that info to a connected webserver, etc. I have full confidence that they are well-secured and that this won't happen, and I know for a fact that my card info isn't saved on the shopping front-end as I always have to re-enter my payment.

Regardless, folks, check your other supply stores and make sure you're safe there too. I'm sure a decent number of them use the same eCommerce system, but each one is unique.

 

[govner1]

I'm lucky in that I have a very well stocked & experienced LHBS less than ten minutes away. No issues w/ stored CC info and they're rarely out of stock on anything.
I did make a few purchases from NB early on but that's now going to come to an end.

 

[BrewingGunner]

The best thing is after 16 pages we have yet to get another response from MW addressing any of these complaints????

 

[whoaru99]

What more would you suggest they say at this point?

 

[nickmv]

What more would you suggest they say at this point?

I think we've been very clear about it.

1. Forget the $25 gift card -- nobody wants it. What we want is 6months to 1 year of fraud protection credit monitoring service. This is standard when a company gets hacked for CC's. Telling customers to simply watch out for fraud charges when it's not the customer's fault is a slap in the face.

2. We want a full explanation of what they've ACTUALLY done to prevent it in the future. At this point, they've essentially told us to simply trust them.


That's a good start. Something tells me you didn't read through this thread all the way.

 

[whoaru99]

I did read it, mostly, but what took most notice of is that lots of people seem to be jumping ship into potentially unknown waters, as I pointed out in my earlier post.

If that's the stuff you want then I suggest you contact them directly and ask for it.

Should it have been offered, straightaway? Yeah, probably, it should have been but it wasn't. I understand that's part of the point, but why not ask directly, rather than through a forum, if it's a concern. Worst they can say is "No".

This again goes back to looking out for #1. Make lemonade...

 

[ChuckCollins]

Hey **** happens my card was used but we caught it and my bank gave us the money back I for one will still use Midwest again,if you choose not to you are letting the hackers and crooks win SHOP MIDWEST

 

[Kolsch_Meister]

hey **** happens my card was used but we caught it and my bank gave us the money back i for one will still use midwest again,if you choose not to you are letting the hackers and crooks win shop midwest

+1!

 

[jleonar]

That's half my point...other companies may be as bad. It just seems a bit hypocritical to take one's business elsewere, while acknowledging (or not considering) elsewhere may not have any better security than MWS (did).

How is it hypocritical? For instance, I have used Rebel Brewer in the past. They may or may not have superior security but I DO KNOW for a fact that Midwest was lazy about it.

In one case, I know Midwest did not take security seriously. The other is an unknown but I will take my business elsewhere if shown to not take stuff seriously. AND if everyone does the same, it sends a HUGE signal to the other stores that they risk ruin if they don't take things seriously.

I take my business elsewhere as a statement that I will not do businesses that don't take security seriously.

 

[joshrosborne]

So they offer $25 off coupons (not good for shipping!) to a ton of customers who will probably not shop with them again (hence not use the coupons). I suppose that's one way to pretend to make things right and minimize profit losses all at the same time.

 

[MuddyCreek]

The issue is not that Midwest was hacked. That can happen. The problem really is that people feel as though they've done a very poor job handling the crisis.

The good news, undoubtedly Midwest folks ARE monitoring this thread and you can bet they are recognizing how seriously their poor situation management is effecting them.

I suspect they'll work very hard to avoid this kind of debacle in the future.

They screwed up big-time and I expect they are as chagrined as anybody about it. I don't know if I'll use them again or not, but if I do, I'll only go through paypal. (That's what I've used with them in the past, and is likely why I haven't seen funky transactions.)

 

[jleonar]

The issue is not that Midwest was hacked. That can happen. The problem really is that people feel as though they've done a very poor job handling the crisis.

The good news, undoubtedly Midwest folks ARE monitoring this thread and you can bet they are recognizing how seriously their poor situation management is effecting them.

I suspect they'll work very hard to avoid this kind of debacle in the future.

They screwed up big-time and I expect they are as chagrined as anybody about it. I don't know if I'll use them again or not, but if I do, I'll only go through paypal. (That's what I've used with them in the past, and is likely why I haven't seen funky transactions.)

If they wanted to earn trust, they would explain what happened and why. By not explaining, I am left to assume that they really had some amatuer crap going on.

If they explained what they did (for better or worse) and explained how they were resolving it, it would go a LONG way to making me reconsider them.

But without knowing how and why this happened, I cannot use them again.

Like the saying goes, "fool me once, shame on you, fool me twice, shame on me". Well the only way I won't be fooled is avoiding them at this point.

It is amazing to me that they haven't replied to this thread to try and gain some support back.

 

[Malric]

Check out beveragefactory.com

I've found that Kegconnection normally has better prices. I did have an issue with a bent ball lock keg lid on one order. They shipped a replacement without any issue.

 

[FuzzeWuzze]

I'm lucky in that I have a very well stocked & experienced LHBS less than ten minutes away. No issues w/ stored CC info and they're rarely out of stock on anything.
I did make a few purchases from NB early on but that's now going to come to an end.

This, but you also have to watch all of those as well.

My LHBS fat fingered a 40 dollar order into a 400 dollar order and neither of us noticed. They were very fast to refund me the next day though.

Probably the smartest thing i did long ago was set up my account to notify me via email of any purchase over 100 dollars. Also have Mint.com doing the same.

 

[TheSmithsEra]

Looks like i wont be giving any first orders to midwest or northern brewer . .

 

[LovesIPA]

Now, can someone tell me what kind of identity theft is possible with the information that was stolen from Midwest (address/name/CC #)? It's not like someone can open another CC account in my name without my birthdate and SSN, right? Though I suppose they could steal that from somewhere else.

Once the affected credit card has been canceled and replaced, the hackers can do nothing with the information. It's worthless.

That's why I kind of chuckle at people in this thread who are crying for a lifetime of free identity protection. As if having a credit card number stolen entitles you to that. Get a grip, folks.

 

[whoaru99]

How is it hypocritical? For instance, I have used Rebel Brewer in the past. They may or may not have superior security but I DO KNOW for a fact that Midwest was lazy about it.

In one case, I know Midwest did not take security seriously. The other is an unknown but I will take my business elsewhere if shown to not take stuff seriously. AND if everyone does the same, it sends a HUGE signal to the other stores that they risk ruin if they don't take things seriously.

I take my business elsewhere as a statement that I will not do businesses that don't take security seriously.

It's hypocritical because you acknowledge you're going to take your business elsewhere, assuming the other places are doing things you're trying to punish MSW for not doing.

 

[jleonar]

It's hypocritical because you acknowledge you're going to take your business elsewhere, assuming the other places are doing things you're trying to punish MSW for not doing.

Do you not see the difference? One place, Midwest, obviously did not take security seriously. There is no evidence that someone like Rebel Brewer isn't taking it seriously. Lack of evidence is not evidence.

And again, if Rebel isn't taking security seriously, I will leave them as well.

 

[Sir-Brews-Alot]

Count me in as another with a compromised account. My bank noticed the errant charges and contacted me right away, stopped all transactions, and cancelled my card. Fortunately Citibank was on the ball, since MW clearly doesn't know what they're doing. I received my letter from MW yesterday. I will delete my MW account and never order from them or affiliates again. I guess if they handled things differently I might still give them a chance, but seriously the only recompense, a $25 gift card. FU!

 

[Homercidal]

Feel free to send me all of your MW gift certs...

 

[tborow]

I will probably continue to do business with NB

Todd H (Northern Brewer)

Hi (your name here),

We are the same company but separate brands. We have a web site and customer accounts completely separate from Midwest. Please let me know if you have any other questions.

Cheers!

 

[beernutz]

It's hypocritical because you acknowledge you're going to take your business elsewhere, assuming the other places are doing things you're trying to punish MSW for not doing.

So no matter what a merchant may do to compromise your account information you would never stop shopping with them because other merchants also have the potential to do the same?

 

[Larzean]

So no matter what a merchant may do to compromise your account information you would never stop shopping with them because other merchants also have the potential to do the same?

I'm not effected by this whole thing bc I never used MW, but logically thinking a place that got hacked would then be on top of things big time going forward where others who haven't been might not be as vigilant. I'd think that now that the issue is resolved with MW they'd be one to not have this happen again..

Not to say my thinking is totally sound/correct or that anyone is wrong to find other retailers or be upset, I would be too!

 

[ghoti]

They never said what happened or what they did to fix it. If you are going to be straight with your customers do not expect them to be with you very long.

 

[the_trout]

I'm not effected by this whole thing bc I never used MW, but logically thinking a place that got hacked would then be on top of things big time going forward where others who haven't been might not be as vigilant. I'd think that now that the issue is resolved with MW they'd be one to not have this happen again..

Not to say my thinking is totally sound/correct or that anyone is wrong to find other retailers or be upset, I would be too!

Im also not affected because Ive never used MW. Just to play devil advocate to your rational. It could be logical to think that a place that was lax in security might be so again while a company that has not been breached might be that way because they were more vigilant all along.

Also, not to say that my reasoning is correct, just a possibility. I know I would be really upset if I had gotten caught up in this mess.

 

[ShootsNRoots]

Now that all y'all quit orderin' from Midwest my orders are shippin' faster than ever. Plus I only get a new credit card issued once every two weeks. That ain't so bad now is it?

Seriously though, I'm leary of most homegrown systems/websites. I don't know if their website/merchant integration was homegrown or professional; or even if they had a professional IT guy in house.

At any rate, if I could be assured that the problems have been resolved, I wouldn't have a problem shopping with them again (except for that slight issue with the darn orders not shipping within 24-48 hrs... what's up with that?).

Perhaps it's the stigma of seeing that website; and that darn checkbox (that I pointed out and asked to have changed in the previous thread) to save my information, that makes me leery of using the site again.

Never had a problem with NB because it's different software (Magento eCommerce?), probably on a different server or virtual machine. (I'm guessing NB is using some homegrown software themselves behind the scenes.)

Well tested commercial software, combined with a knowledgeable systems administrator and up to date OS/DB/etc... usually! (not always!) makes for a secure system.

I've had credit card numbers stolen before, it's not a huge deal, just annoying that you're left without your card for a week or so. I've never dealt with a CC company who doesn't fully cover fraudulent charges.

Obviously we'll probably never get an answer as to who was in charge of the darn server, how the malware got installed etc... but there has to be some sort of assurance that this breech in security has been resolved.

Working in IT myself, I know that security is an ever-present and ongoing process. It takes constant monitoring, updating and watching.

So part of me says screw 'em and part of me says, give 'em a break, what if you were the guy in charge of that server, would you have noticed the breach? Would you have kept it up to date? Would it have made it past you? How supportive of this person was Midwest? etc...

It's easy to place blame (which I'm guilty of) but then you walk a mile in another man's shoe and quickly see what's really goin' down...

 

[Littlejoe]

I want to make it completely clear that I'm not leaving Midwest because they were hacked or even that the hackers got my cc info. I'm leaving midwest because they lied to us. They said it wasn't them flat out. They should have said we're investigating it, but they didn't. I just think they have handled this whole thing wrong from the start, and this $25 gc is like salt on the wound.