Bulk Reef Supply Security Breach

I also had my credit card hacked 1 day after ordering from BRS in early January before this started becoming an issue. My bank overnighted me a new card, I placed an order with BRS, and it was again hacked the next day. I made no other purchases on the second card. What kills me is when I called to get a third new credit card, I knew it was coming from BRS and asked if I could speak with someone in their fraud department and got the generic answer that they're looking into it. I felt a little insulted that I had what I thought was some valuable information and they could care less.

I'm not really sure how I feel about using BRS in the future because of this and whether or not their response was adequate, but I understand why holding something like this against them personally sounds foolish.
 
Got my letter in the mail today. Signed up for the protection service plan BRS offered. Now we will see how long it takes for some other dirtbag to cause me grief. My wife was involved with the Anthem mess going on now.
 
I received my letter today. I will be signing up for their protection plan today or tomorrow. It says that you can be in jeopardy for identity theft up to a year.
 
I got my letter yesterday. When I spoke with BRS they said that full credit card numbers were not stolen. Seems like a lot of BRS customers have been victims of theft lately though, hmmmmm. I only had one purchase during the time of the breach and used PayPal, not sure if that offered any protection or not, although you are diverted to PayPal's website for payment processing. I have been getting a lot of out of state phone calls from "tax experts" who did my taxes a couple years ago (I do my own taxes). The "tax experts" wanted me to verify my SSN. Seems like our info may have been sold to other scammers looking to further scam us.
 
Got my letter today as well. Luckily I have had the service they are offering due to the South Carolina state breach a couple years back, Target, Home Depot and .....

Funny thing, I shook the letter, like a kid does for their birthday, waiting for that coupon to fall out :) (that includes Ecotech)
 
Never had anyone hack my wallet. If I want to buy something with cash, I buy it, get a receipt and done. Don't have to sign anything, open a bill of any sort, make a bank transaction to pay the bill, plus worry about getting hacked and spending time to resolve it, and my personal info possibly being stolen. Cash is the best and fastest EVER.
You must work for some sort of internet company, financial institution or government agency of some sort to think the way your post reflects, or maybe a member of one of those hand held, spoon fed generations ...
The ONLY thing credit cards and debit cards make possible are long distance transactions easy and fast, outside of that, there's nothing else.

If someone steals your cash, it was yours, but there is no way to prove it other than your word, you're SOL in this case. However if someone steals a card and uses it, they are using the bank's money. Nowadays there are protections in place as well that most banks that offer CC's don't hold you liable for charges that weren't yours, and are good at catching them. Also unless you found a way to feed your computer cash and have it come out on the other side intact, I'm pretty sure you can't buy anything online with cash. I'm not trying to be a dick here, just wanted to offer a logical counter argument.
 
Add me to that list. As we speak my debit card has been closed due to 7 attempted charges on it. Thankfully my bank is on top of things. I still have to go to the bank tomorrow to get a temp card and wait for the new one. I kept banging my head trying to figure out how they got my info. I haven't used the card locally to buy anything. I use cash bc of fear of this same problem.
 
I got hit as well. The thing I do not understand is why they were aware of the issue weeks ago (Jan 30th) and are just now getting those letters out. Sure would have been nice to cancel the card before fraudulent activity. I also don't see how their attempt at an apology is a credit monitoring service. That's included with any reputable cc company anyways. How about a "Sorry this happened, we would like you to take a chance with our business again, here's a coupon". But that would be too reasonable.
 
I emailed them on Dec 5th. I had 2 brand new CC's stolen that were only used on their website. Their e-commerce director replied to my email. He blew me off. Now 2 months later I get a letter in the mail. I r one unhappy customer. I lost 3500 bucks, and they're worried about their image instead of helping fix the problem they caused. In the words of Milton... I'm going to burn this m%^^&* f&*() down. ;)
 

I still have the emails as well. I made them aware of this months ago, and now they screwed so many people.
 
You lost $3500? Your cc didn't cover it? In the words of Milton? Really?
 
I received a letter from BRS as well. Also just got this in an email from Premium Aquatics-

Due to recent events at one of our fellow aquarium stores, we wanted to assure everyone of our security with your credit card information. It's such a shame to see all these attacks in the news, but especially when it hits so close to home with a fellow aquarium store. We wanted to explain our system again below and also let everyone know we are being much more strict on where your orders are shipping to and asking for additional information when necessary. We know it can sometimes be a burden, but we want to make sure everyone placing an order owns the credit card to protect you and us.

Credit Card Tokenization (data security). Unless you've been living under a rock (and you're not a fish in an aquarium, so why would you?), we know you've heard about all the credit card hacking that's been taking place. We want our customers to place worry-free orders, so for the last year we have been using an advanced tokenization method. It works something like this: when you enter your card info, the data is never sent to our servers. Instead, it's split into tokens and we receive authorizations. We'll only have the last four digits of your card - worthless to any hacker. While it's an expensive service, we firmly believe there's no price too high to pay for your peace of mind.
 
I'm shocked that someone as large as BRS wasn't on this bandwagon.

Premium Aquatics just got a new customer.
 
There once was a secure facility, created with the sole purpose of isolating the facility from any and all outside electronic access. It was hack proof because it was entirely isolated from the Internet. Someone found how to penetrate the electronic vacuum by having a virus piggyback on a thumb drive. Look into the Korean nuclear hack.

One can build an incredibly secure network, but thieves are working day in and day out to determine where cracks in the wall exist. Just like a leak in your roof, it is much more likely that you will discover it when you see water spotting inside than discovery before water penetrates. While it stinks that BRS was compromised, they are doing the right thing in addressing the issue. Heck, they are doing more than the DoD did for me when they lost my info. A couple times.

Due not to the BRS breach, but the nature of modern thievery, I am in the process of restructuring my banking network. I used to have one checking account and everything went through it. I'm structuring accounts by expense type now. Monthly bills get one account. Daily expenses, where my card information is more susceptible to getting skimmed, have another account so that I have less risk of bouncing a payment due to theft, or not realizing that my wife bought something that would make us bounce a payment.

We each have a credit card that is used for uncommon purchases, such as a large auto repair bill or renting a car for vacation since neither of our cars is big enough for the entire family, which is paid in full when the bill comes in. Gotta rebuild our credit after the housing market crash crushed us.
 
In a way they are with the PayPal integration. PayPal only sends them an authent code.

I am unsure how they handle payments when you do not store credit card info, but it is that storing for future purchases that opens you up and what was taken, from what I gather.
 
this is known as an air-gapped network. they're commonplace at very secure locations, but just like you pointed out, humans are always the weak point.

the usb mechanism you mentioned is precisely the attack vector used by stuxnet (possibly the coolest malicious code ever written) to penetrate and sabotage Iranian nuclear accelerators.

the command and control infrastructure alone was impressive. wired has a great write up on it:

http://www.wired.com/2014/11/countdown-to-zero-day-stuxnet/

i can't find the link right now, but i read an article a while back reporting on a study of these rogue usb sticks. apparently if you drop a usb stick somewhere, there is a really good chance someone is going to pick it up and put it in their computer.

if that usb stick happens to have a company logo on it, the success rate is frighteningly high.
 