Identity theft

Messages
806
Location
New Springfield OH
I got a letter from Johnnys Seeds today,

I am contacting you to advise you that on February 4 2007 an unauthorized person, from outside Johnny seeds broke into our website and stole data. We discovered this theft on February 18,2007. Your name, address, phone number, and payment information, including your credit card number ending in XXXX where among the records stolen.

It goes on to say how sorry they are and so on. I didn't' open the mail till 5:45pm, bank closes at 6. good thing the wife works just 4 blocks away. I had to call her at work. she clocked out ran down to the bank and canceled the debit card.

What I'm wound up about is the amount of time it took to notify me, and why where they storing CC information in the clear? In fact why where they storing it at all?. Any time I've ordered I have always had to enter the CC information over.

I'm going ot have them on the phone Monday and they better have a darn good reason for knowing about this on the 14th but not mailing a letter about it till 27th

Wife checked the account, there was NO unauthorized activity
 
Last edited:
That's not good. They'll have a good excuse about the delay. Two weeks is nothing... it took three for a certain local university to disclose, and they were all proud of themselves about how fast they were. It's shocking.

By the way, they broke the PCI standards when they stored your cc number... not that that helps you. At best, you'll get them to pay for your credit checks, but that's unlikely with such a small outfit. Meanwhile, by now, your info has already been sold around asia. Going rate is thirty dollars per card with good info... special today: 20 bucks a card if you buy 100 or more.

You'll need to cancel your card, and watch your credit for a while. Best case, it's a time wasting hassle. Oh, and this will likely put the company out of business... they'll have costs they may not be able to absorb. Bad news aLL all around...

Thanks,

Bill
 
Actually Bill it was our debit card for the checking account, it's all ready canceled.

2 weeks for a new one though which is a hassle.
They actually gave me a reference number to get a copy of my credit report for free. I'll do that next week. It was time for yearly anyway
 
ok enlighten me, how was it that you were able to get notified of the theft? if you didnt get told and were just going on with your normal payment schedule would it have shown up as in purchase from some strange place? reason for my asking is i have a suspicion i got got awhile back but didnt catch it. till took over the bills again and inadvertly changed banks. so for my future i would like to be notified if it were to happen.
 
You fell for a piece of SPAM it sounds like to me...:eek:

Probably not. This kind of thing has been happening. We were notified by ABN AMRO that they lost a tape with our mortgage information on it--and later when they found it still in the sealed package. My brother and his wife were notified when DSW Shoe Warehouse had data stolen.
 
Probably not. This kind of thing has been happening. We were notified by ABN AMRO that they lost a tape with our mortgage information on it--and later when they found it still in the sealed package. My brother and his wife were notified when DSW Shoe Warehouse had data stolen.
I've been part of an ongoing one where some idiot at Boeing's payroll center took home a laptop with several hundred thousand employee and retiree names/SSNs on it...and it got stolen. They think the files are encrypted but aren't sure, so they're providing free Experian ID theft services to everybody involved for the foreseeable future. So far so good. :rolleyes:
 
You fell for a piece of SPAM it sounds like to me...:eek:

I'm smarter than that, I've been doing the internet thing since it was available in our area, and did BBS's before that. I NEVER EVER click on links in emails, fact of the matter is I very seldom see them anyway since I get very little spam in my main account. I have a secondary account for family and friends, third on for business dealings and a fourth for general online use. The third and fourth one get all the spam.

They got my information by hacking into a company network that I do business with. In fact I probably %80 of my seed from them

Larry
Johnnys, the company that got hacked notified me after they figured out that someone had stolen info off of THEIR system.

My only mistake was doing busines with them. They should have NEVER had the Bank card information stored on thier computer
 
I talked to one of the managers yesterday. Seems they found out when a customer called because they had a fraudulent charge on CC and the only place they had used it was at Johnnys.

Apparently the hacker only took chunks of information here and there in an effort to not get noticed. They had to go through and figure out who's information had been stolen. The do have the FBI involved and they know it came from the U.K.

I feel the gentleman I talked to was sincere. He said he was under the impression that the network was secure before. He said they have hired some new IT people who have made a lot of changes. The are working with the Insurance company right now to reimburse anyone who is out any money and compensate every one for the inconvenience. I'm not holding my breath on that one , I know insurance companies.
 
Sorry to here about your luck.

You are doing all the right things. Keep an eye on your records and take them up on any offers for free credit protecction.

As far as the debit card goes, if it is a Visa logo you are protected just the same as if it is a cc. That is not to say that you wouldn't have the hassle of dealing with the money being taken from your account and then wait for the money to be returned.

One thing you can do to minimize this is use a card provider that offers online card numbers. I use this and it is great. basically you go to the website for the card and generate a new onetime number and can set the expiration date and also the dollar amount. Then the retailer only has a record of a number that cannot be reused. So for me if I am spending maybe $45 I set the limit to $50 to just make sure the charge goes thru.

Someone else stated correctly that they definitely fell down on protecting your information regarding PCI requirements. Basically regulatory requirements to force businesses to do the right thing to begin with.
 
Top