Anybody take advantage of 20% off?

[Natrix]

This response was posted on Fwoosh from CSC.

Howdy folks!

Argh! That's all I can say at this point...

Further investigation is currently pointing to the credit card processing company being hacked. Since we do not keep credit card numbers on any server for more than a few days (the legal period in our jurisdiction is 30 days, but ours are rarely 'in play' for more than 2-3 days given the way we operate), it appears that only cards that actually had orders processed on them could be potentially impacted.

We've got nearly 30,000 customers in our databases, and all the folks reporting issues had orders 'processed' within the same timeframe. It appears that many card numbers that did not even exist on our servers at the time, but were processed (for DCU or other pre-orders) in the given timeframe, were compromised.

The processor has been notified, but they're not talking (yet.) I can't say as I blame them, as it could be them, or the bank itself or the Visa/MC system. We've re-routed our processing to our secondary processor until they can give us a full report on our inquiry. This not only gives us a little more comfort, but the loss of business will hopefully light a fire under their asses to provide an answer.

In the meantime, we've been running non-stop site testing all weekend to ensure that our cart itself is secure. All tests show that upon entering the actual cart pages, the URL is redirecting to the https SSL (Secured Socket Layers) pages, meaning that 256-bit encryption is still in play. At this encryption level, we can all remain confident that data submitted to us remains secure.

As I was very clearly inf0rmed when I reported the concern to the processor, I've told you as much as I am legally allowed to without threat of lawsuit and/or fines at this point. Apparently even if it comes back as proven to be a processor problem, there are strict limits as to what I am allowed to tell our customers. On one hand, that just seems crazy to me. At the same time, I would guess that a breech of this sort could have much further reaching economic implications were it not handled properly by the impacted retailer(s).

Hope that helps. Please feel free to share this inf0 with any other boards where the topic may arise. Keep a sharp eye on your credit card activity for the next few days. And, as always, please feel free to let us know if you have any questions at all.

Thanks,
T-

 

[samueljd]

I'm gonna keep an eye on my charges. I haven't seen the CSC charge hit my account yet.

 

[emceerice]

Man this sucks...but good of CSC to tell the community whats going on.

 

[occulum]

I'm gonna keep an eye on my charges. I haven't seen the CSC charge hit my account yet.

yeah I havent seen my charge show up yet either, but I did get UPS tracking for my order just a bit ago ...

 

[emceerice]

yeah I havent seen my charge show up yet either, but I did get UPS tracking for my order just a bit ago ...

When did you put in your order occulum? CSC is usually super fast at packing and shipping my stuff. But I'd assume they got a massive amount of orders this weekend, plus all this headache to deal with.

 

[occulum]

actually placed it just yesterday morning.
Im not worried about the charge showing up. It mustv gone thru if Ive received tracking already ....
.. youre right. That was fast shipment too ...

 

[emceerice]

CSC is awesome and I highly recommend them to anybody. This whole fiasco clearly isn't their fault, so I hope it doesn't impact business later on down the road.

 

[Buttmunch]

Mine had to be stolen in this fiasco then. Probably them getting my cardr ready for DCUC.

 

[samueljd]

CSC is awesome and I highly recommend them to anybody. This whole fiasco clearly isn't their fault, so I hope it doesn't impact business later on down the road.

I too recommend them. I have ordered several items from CSC and never had an issue. The products were shipped quickly and I never had issue with their service.

 

[ripper_joe77]

I think i'm to late for the sale.

 

[superdoug]

This may be a stupid question but what if you ordered through the pay pal option

 

[emceerice]

I think i'm to late for the sale.

Yeah looks like it ended today.

 

[icepho3nix]

I got 2 tracknig numbers for one order yesterday... Both said that it was supposed to ship on the 9th. I checked again earlier today, it says its supposed to ship on the 10th. First time ordering from them, dunno what it means...

 

[superdoug]

i've ordered from them a handful of times and i've always had good customer serivce and all. It's a shame they had the computer hack thing happen.

 

[UTtoyfan]

I preordered Dutch from CSC on 2/28, and it does seem like my card number was taken as well. This past Sunday, my card company called me about two charges of $1 which they thought were fishy. I confirmed that it wasn't me and so now my card is cancelled.

 

[superdoug]

here's the latest from cornerstore (they posted it on fwoosh)

Howdy folks!

Thanks for starting up this thread. This whole thing has been VERY frustrating for us (as well as many of you) because we are legally limited as to the actions we are allowed to take with regard to posting anything on the website about the situation or emailing/calling customers about the situation until the processor has been allowed their 'investigatory' period to research and report on the incidents in question. ARGH!

So here the scoop (as best we can tell and as best as we are allowed to say) in a public forum:
It appears the breech potentially involves orders placed and/or processed between about February 25th and March 5th-ish. Any new order placed or pending order processed during that period could have been subject to the compromised batch processing that was done on those days. PLEASE keep a close eye on your credit card accounts for the next week or so if you placed or had processed an order from CSC.

As far as new orders go, all is safe. We've rerouted processing to bypass the processor in question. We've got network services monitoring our site 24/7 to alert us of ANY admin access that is not coming from either Jake or myself. The order server was moved and all passwords were changed within an hour of us hearing the first word about fraudulent charge concerns. We do take this stuff very seriously.

PayPal orders placed during the fraudulent period are at zero risk. Our system in no way has any access to people's PayPal password info, and none of those orders go anywhere near our credit card processing system anyway. Again, there is no risk (from us or our processor) with regards to any PayPal order placed.

New charges processed now will not impact whether your card info was initially stolen during the questionable processing period. Depending upon how much information the hackers got (which we are not privy to, if the processor is even able to tell), fraudulent attempts at charging your card could still be a possibility. Again, PLEASE monitor your card activity closely if you placed any order during this period or had one processed for you (for new arrivals such as DCU, Sideshow Stormtroopers, etc.)

You all have my sincere apologies for the situation, whether you have been directly impacted or not. It's a frustrating, annoying, stressful thing when dishonest people can impact the lives of innocent folks. As always, we are happy to answer whatever questions you may have (to the extent we can to avoid legal implications or litigious liability, for now.)

Thanks much,
Thomas
CSC

 

[occulum]

gotta say theyve done/are doing theyre best to resolve the issue any way they can themslves.
They lose no credibility in my book. Sucks it happened. Hope it doesnt impact their business much ...

 

[Reefer Shark]

Yeah - that sucks. I ordered something from them over the weekend, so I'll have to keep an eye out for fraud. Not too worried about it TBH.

Fortunately (or unfortunately I guess), CC fraud is so common these days, it's become very easy to recover your funds in most cases (we just went through this last year ourselves).

 

[DCFett]

gotta say theyve done/are doing theyre best to resolve the issue any way they can themslves.
They lose no credibility in my book. Sucks it happened. Hope it doesnt impact their business much ...

Gotta differ with you on that. Having been stung, I think Thomas could be calling his customers as their cards are declined, but he isnt. We'd expect as much from anyone else. Period. I know Thomas personally, but I dont think he's going about this the right way.