ggriffi
Well-Known Member
That was Schnucks grocery stores not Dierbergs, but you are right, No one is immune these days
Midwest Supplies
- Thread starter rycov
- Start date
Help Support Homebrew Talk:
That was Schnucks grocery stores not Dierbergs, but you are right, No one is immune these days
Your right, my bad. It get the two confused sometimes. Thanks.
This is one of the reasons I have a separate credit card just for online orders. That way it is easier to track. Kudos to Midwest for doing their part and looking into it. I feel for all those who have recently been compromised and hope everything is made right and the jerks responsible are caught.
ECUmedford
Member
- Joined
- Apr 8, 2013
- Messages
- 20
- Reaction score
- 6
Well I certainly hope that you plan to determine the full scope of the problem. 13 Midwest customers on this thread having the same problem in the same 3-4 day time period and you don't think they are related? Credit card fraud does not happen so frequently that a post on this forum would result in this many people coming forward. To prove that I posted on a couple of my favorite high-traffic non-beer related forums to see how many people had fraudulent credit card charges in the past week. All I heard back was crickets.
A similar event happened a couple of years ago on here with Austin Home Brew Supply:
https://www.homebrewtalk.com/f19/ever-have-credit-card-number-stolen-223663/
They were able to communicate to learn the scope of the problem and alert their customers without admitting fault:
http://www.brews-bros.com/index.php?/topic/39394-important-message-from-austin-homebrew/
Have you contacted your credit card processor? They could be the source of the problem which still means that our issues are related, just not necessarily the fault of Midwest. Visa is pretty clear regarding taking action on suspected or confirmed security breaches.
http://usa.visa.com/merchants/risk_management/cisp_if_compromised.html#anchor_3
+1. At this point, I'm pretty much convinced that my card was stolen as a direct result of my purchase from Midwest Supplies. I'm not necessarily blaming them, but something seems to have gone wrong somewhere in the process.
At what point does this thread turn from a possible alert about Midwest Supplies website security to a witch hunt?
I only ask because there is a so called group of "13" now people that have had an issue. But yet, no proof. Not one ounce. OP has speculated because he and his father happened to shop at the same place. But when was the last time they ordered from there? Have they contacted their card issuer and asked them to run a security check and see where the security breach might have occured?
Midwest has comeback with being within PCI compliance. Let us know they have security scans daily. They even list at the bottom of their page that they have these services. Does OP not believe in these practices since he seems to be the expert? His website doesn't brandish such notifications.
I think at this point, unless evidence comes back from a card issuer stating Midwest is the issue, this thread should be locked. I'm all for open communication, but Midwest has presented evidence that it wasn't them. Unless there is something concrete going forward, this is just going to turn into a defamation thread.
Just my two cents
I only ask because there is a so called group of "13" now people that have had an issue. But yet, no proof. Not one ounce. OP has speculated because he and his father happened to shop at the same place. But when was the last time they ordered from there? Have they contacted their card issuer and asked them to run a security check and see where the security breach might have occured?
Midwest has comeback with being within PCI compliance. Let us know they have security scans daily. They even list at the bottom of their page that they have these services. Does OP not believe in these practices since he seems to be the expert? His website doesn't brandish such notifications.
I think at this point, unless evidence comes back from a card issuer stating Midwest is the issue, this thread should be locked. I'm all for open communication, but Midwest has presented evidence that it wasn't them. Unless there is something concrete going forward, this is just going to turn into a defamation thread.
Just my two cents
![Craft A Brew - Safale S-04 Dry Yeast - Fermentis - English Ale Dry Yeast - For English and American Ales and Hard Apple Ciders - Ingredients for Home Brewing - Beer Making Supplies - [1 Pack]](https://m.media-amazon.com/images/I/41fVGNh6JfL._SL500_.jpg)
If "13" people have issues and Midwest is a common denominator and there is no other you can assume a connection.
No one but you is calling this a "witch hunt" and I don't see anyone accusing Midwest of complicity.
You claim there has been no proof from the 13. If you are not willing to take the word of 13 HBT members at face value, why would you take Midwest's denial at face value?
If you are going to apply such critical skepticism to the 13, why not apply it to the entity that has the most to lose from this publicity?
ShootsNRoots
Well-Known Member
- Joined
- Mar 27, 2013
- Messages
- 243
- Reaction score
- 34
I had to replace my card several months ago as a result of fraudulent charges to Walmart.com. This also occurred about the time I had placed an order with Midwest Supplies. When I logged in an found that my Credit Card information had been saved, I immediately clicked to delete it.
Midwest Supplies, your website does have facility to store credit card information. Whether or not it's on your servers is a different matter. When I log into my account and click "Saved Credit Cards" under the Account heading on the left... Guess What?! It brings up my saved credit cards!
The statement you gave is a blanket statement. Cyber security is complex and having a security certificate, running a simple PCI scan or the ever present label "secure and encrypted" doesn't mean much unless it is done properly. I would suggest hiring competent security professionals who can examine web logs and other transaction logs and of course getting in touch with your credit card processor.
Correct me if I am wrong here but let me see if I have this straight.
-This thread was created the intention of letting fellow HBTers know that the OP and his father both had compromised cards and have MW in common.
-The thread tells that it may not be a bad idea if any of us have used MW recently to look at our billing statements (which we should be doing anyways) just in case to make sure that it didn't happen to us as well.
-Other HBTers chimed in to say that they have had some fradulent activity as well.
-MW has stated that they are aware of this and are looking into things on their side, as well as offering up that they strive to be secure.
With all that in mind, lets not bash Midwest Supplies. They have always been fair with me when it comes to prices and service, and seem to be doing their due dilligence.
-This thread was created the intention of letting fellow HBTers know that the OP and his father both had compromised cards and have MW in common.
-The thread tells that it may not be a bad idea if any of us have used MW recently to look at our billing statements (which we should be doing anyways) just in case to make sure that it didn't happen to us as well.
-Other HBTers chimed in to say that they have had some fradulent activity as well.
-MW has stated that they are aware of this and are looking into things on their side, as well as offering up that they strive to be secure.
With all that in mind, lets not bash Midwest Supplies. They have always been fair with me when it comes to prices and service, and seem to be doing their due dilligence.
I don't think anyone here is bashing MW, and yes, they are a good company. But when over a dozen HBT members have experienced some kind of CC breach, and the common denominator is an order with MW, the odds of coincidence are dropping fast. Midwest has an obligation to rectify this, and giving us a pat statement that "it's not on our end" is disingenuous.
ECUmedford
Member
- Joined
- Apr 8, 2013
- Messages
- 20
- Reaction score
- 6
No reason to have such notifications on our wholesale distribution catalog site that does not accept credit card transactions.
I am no lawyer, but usually it is in the best interest of businesses to not claim any responsibly, no matter how tenuous until they know for certain they are at fault. I am sure that when their investigation is complete they will update us with whatever reasoning they are legally allowed to disclose. I give them a lot of credit for making the statements they have already. You will not see Wal-Mart or Target, or the like doing even that much.
I AM a lawyer, and while, at first glance, that might sound like a great idea, giving a general denial in this instance doesn't really help their case. It would be a better strategy to not draw any conclusion at this time, and simply state something to the effect of "an investigation is still ongoing" (which it should be). You can be honest without admitting culpability.
From a marketing standpoint, making a statement tantamount to "nothing's wrong here" can backfire if and when it is later determined that there was indeed a breach. Even if said breach was the fault of others (hackers), it still happened on MW's watch, and some people will associate MW with that problem and be hesitant to do business via CC.
midwestsupplies
Active Member
We wanted to provide you an update on our on-going investigation into the credit card security matters raised in this Forum.
As part of our investigation, we have involved a number of third-party specialists in web server management, website applications management, website security and credit card processing. Each of these parties, in coordination with the others, has undertaken to assess how and when credit card data could have been compromised.
One of the complicating factors to the investigation is that we store no credit card data. All credit card information is transmitted securely to the credit card processors at the time of the transaction; no credit card information is retained.
A second complicating factor is that the credit cards in question were last used for a Midwest Supplies purchase during a wide ranging period, weeks to months before the fraudulent activity took place.
At this point, none of the third-parties nor our own team have identified how or when credit card data could have been compromised.
We take data security very seriously and are working to complete our investigation as soon as possible.
If anyone has concerns regarding their order or credit card data, please contact me directly at [email protected] or 952-562-5354.
Thanks again and Cheers.
Todd Jackson
Customer Service Manager
Midwest Supplies
As part of our investigation, we have involved a number of third-party specialists in web server management, website applications management, website security and credit card processing. Each of these parties, in coordination with the others, has undertaken to assess how and when credit card data could have been compromised.
One of the complicating factors to the investigation is that we store no credit card data. All credit card information is transmitted securely to the credit card processors at the time of the transaction; no credit card information is retained.
A second complicating factor is that the credit cards in question were last used for a Midwest Supplies purchase during a wide ranging period, weeks to months before the fraudulent activity took place.
At this point, none of the third-parties nor our own team have identified how or when credit card data could have been compromised.
We take data security very seriously and are working to complete our investigation as soon as possible.
If anyone has concerns regarding their order or credit card data, please contact me directly at [email protected] or 952-562-5354.
Thanks again and Cheers.
Todd Jackson
Customer Service Manager
Midwest Supplies
ShootsNRoots
Well-Known Member
- Joined
- Mar 27, 2013
- Messages
- 243
- Reaction score
- 34
Credit card numbers are stored somewhere. Either on your servers or your cc processor servers. It would be best, by default to not retain cc information. If it's done automatically when someone orders that isn't cool. I didn't see an option to disable this retention, instead they must be deleted manually.
I've delt with Todd before. He will def bends over backwards to help in any out of the usual situation. As I stated earlier,info is sent back & forth as packets of information,which hackers have learned to intercept,alter/add on to & send back on it's way. As I've been told & have found out from local police,there is software they can use to track the hacker to a particular comp in a particular room a a house or other structure. I've seen it. Maybe that is an avenue to persue? Make the software automatic where it tracks info to be sure it's only through midwest & you,from their end.
Of course the common denominator here is Midwest. You are at a Home Brew forum. (Insulting comment edited out by moderator - Pappers_) did you ever stop to think you also have this site in common. As well as quite a few others I'm guessing. Not to mention fast food restaurants.
I guess what I am getting at is, I don't believe the common denominator has been found. You're close, and it was great to get everyone rallied together, but I'm not sure you've found it.
Kudos to the original poster for the heads up to the community in this serious matter.
Many of the resulting posts are at best conjecture and a few to one extent or another could harm the reputation of a respected member of the homebrew supply industry. Tread carefully here. An apology post by someone making an early incorrect conclusion does not make any damage done to ones reputation go away after the 'true facts' are uncovered. I think the 'it happened to me too' posts are fine as it shows a pattern for 'experts' who mite be able to use that info in their investigations. Beyond that not a whole lot of good is to be gained by piling on and making wild assumptions.
Just my 2 cents worth. I don't have a pony in the race.
Many of the resulting posts are at best conjecture and a few to one extent or another could harm the reputation of a respected member of the homebrew supply industry. Tread carefully here. An apology post by someone making an early incorrect conclusion does not make any damage done to ones reputation go away after the 'true facts' are uncovered. I think the 'it happened to me too' posts are fine as it shows a pattern for 'experts' who mite be able to use that info in their investigations. Beyond that not a whole lot of good is to be gained by piling on and making wild assumptions.
Just my 2 cents worth. I don't have a pony in the race.
Out of curiosity (and it may already have been answered); but who is the issuer of your credit cards? If ALL the cards have been issued from a single large bank like Chase or BoA or Wells Fargo ; the fault might be there... We (and that is the collective use of we) are looking to lay blame at a commonality... We are ticked off, and rightly so, but it could be the issuing bank that was compromised.
(I seem to remember a few weeks ago something about Wells Fargo getting hacked... Not sure what was compromised, but I do seem to remember the news story).
Groner
Well-Known Member
Well, I finally received my back ordered items from about a month ago. It only took them another week and a half to ship them AFTER they told me on the phone that they were in.
Of course, they just showed up one day. I was never notified when they were shipped as promised by their customer support staff.
Thank goodness it's over with. Now that my gift cards are spent, I can start spending money somewhere else...
Of course, they just showed up one day. I was never notified when they were shipped as promised by their customer support staff.
Thank goodness it's over with. Now that my gift cards are spent, I can start spending money somewhere else...
ECUmedford
Member
- Joined
- Apr 8, 2013
- Messages
- 20
- Reaction score
- 6
I am with a local credit union. My dad is with a national credit union. I've seen various other banks mentioned in this thread.
lgilmore
Well-Known Member
with both Midwest and Austin I was able to check my order, when it shipped there was a tracking number attached to order record. I clicked on it and both gave me the dates the stuff was going to be delivered. Maybe the vendors just need to let you know when you order where your tracking number will be. In my case, I've purchased from both in the last 30 days. Each took two weeks from order to doorstep. the Midwest order was fairly large too.
mikescooling
Well-Known Member
I had a problem with a order and they gave me some money back, so at least they did that. But I feel like they are not doing business like they should. If they went under it's because of poor management. I'm always a little bummed when I see they are the seller on Amazon, it's like "great I found it, O shucks never mind". I know they are reading this and I'm saying to them. It's time to clean house Midwest.
Reading this thread (and another thread concerning credit card security issues possibly connected to MW), I am bummed.
I like Midwest. It's my go-to LHBS, and it was the store that got me started. The people there have always been friendly, professional and helpful. I feel a certain loyalty to them and I enjoy going there. I have only ordered online once, several months ago, and that worked out fine. But now there seems to be a sort of disconnect between the two components of that company. And that is sad. Maybe it's just a transition, or growing pains. We'll see.
That said, I will still do business with MW in person, but will not likely order online until I start seeing a more well-oiled machine.
I like Midwest. It's my go-to LHBS, and it was the store that got me started. The people there have always been friendly, professional and helpful. I feel a certain loyalty to them and I enjoy going there. I have only ordered online once, several months ago, and that worked out fine. But now there seems to be a sort of disconnect between the two components of that company. And that is sad. Maybe it's just a transition, or growing pains. We'll see.
That said, I will still do business with MW in person, but will not likely order online until I start seeing a more well-oiled machine.
seph
Well-Known Member
Well, here I am, dropping by to read some threads on HBT and I find this one.....
I had a fraudulent charge to my card last week, to Wal-Mart.com. It was being shipped to Oyster Bay, NY. I have ordered from Midwest in the past. This just seems strange. I don't blame Midwest, but I will be mentioning this thread to the guys that I brew with for sure.
I had a fraudulent charge to my card last week, to Wal-Mart.com. It was being shipped to Oyster Bay, NY. I have ordered from Midwest in the past. This just seems strange. I don't blame Midwest, but I will be mentioning this thread to the guys that I brew with for sure.
I have to jump in an pile on the general negative sentiment toward Midwest here. The first couple or orders I had with them were slow to ship, but got here in good condition with no problems.
My most recent order was a different story. Not only was the order VERY slow to even get out of the warehouse, it was missing two packets of S-04 yeast, and had two pounds of grain crushed when I specified NO crush (the packing invoice confirms this).
I email them about the missing yeast. It takes several days to hear back, and when I do, it's a short "I'll ship that to you". A couple weeks go by, and finally an envelope arrives... with only one of the two missing yeast packets.
Really, it's only a $3 packet of yeast, but geesh... come on guys, this isn't rocket surgery. Slow shipping is one thing. Slow shipping with errors in the shipping is worse. Slow shipping with errors in the shipping and errors in the "correction" is just too much.
I'll be ordering from other vendors from this point on. Maybe I'll give them another shot in the future, maybe not... but they need to do some serious evaluation of their processes.
My most recent order was a different story. Not only was the order VERY slow to even get out of the warehouse, it was missing two packets of S-04 yeast, and had two pounds of grain crushed when I specified NO crush (the packing invoice confirms this).
I email them about the missing yeast. It takes several days to hear back, and when I do, it's a short "I'll ship that to you". A couple weeks go by, and finally an envelope arrives... with only one of the two missing yeast packets.
Really, it's only a $3 packet of yeast, but geesh... come on guys, this isn't rocket surgery. Slow shipping is one thing. Slow shipping with errors in the shipping is worse. Slow shipping with errors in the shipping and errors in the "correction" is just too much.
I'll be ordering from other vendors from this point on. Maybe I'll give them another shot in the future, maybe not... but they need to do some serious evaluation of their processes.
I had one, too. I haven't ordered from Midwest in several weeks but this seems like a hell of a coincidence. I had a fraudulent charge on Monday morning and then another attempted fruadulent charge later that morning...luckily Fifth Third cancelled the card before the second one.
