Full Disclosure mailing list archives
International Checkout
From: Philippe Meunier <meunier () ccs neu edu>
Date: Thu, 1 Dec 2011 13:33:14 -0500
Hello, Read the email below if you want to laugh a little. Especially the answer to question 1 in the FAQ at the end of the email. No word on how they were pirated or how many credit card numbers were stolen though, but obviously I'm not the only who's received that email: http://forums.whirlpool.net.au/archive/1822778 Anyway, I guess it's alright, since the "Security" section of their privacy policy helpfully indicates that "by using this web site, you acknowledge that the Internet is inherently insecure and that there is always a risk that your personally identifiable information could be intercepted or otherwise accessed and improperly used", which seems to be their way of saying that, whatever happens, it's just going to be the fault of the Internet, not theirs: http://www.internationalcheckout.com/privacy.php (and I guess "We take commercially reasonable precautions to protect your personally identifiable information" is just their way of saying they care about protecting my data only as long as it doesn't cost them too much to do so...) Bleh. Philippe ============================================================ From: "International Checkout Customer Support" <Information () InternationalCheckout com> To: meunier () ccs neu edu Subject: Important Information Regarding Your Purchase at International Checkout Date: Wed, 30 Nov 2011 00:41:06 -0500 Dear Customer, You have made a purchase of Dr. Martens through International Checkout in the last 18 months and Dr. Martens has asked us to ensure you are advised of a recent security issue which took place with International Checkout's online system. International Checkout was recently the victim of a system intruder who was able to access encrypted credit card information. International Checkout has conducted a thorough investigation into the potential risks to our customers. You are receiving this email from International Checkout because your credit card information was in the database which was compromised. We have taken all necessary action to ensure our systems at International Checkout meet recommended and compliant security levels. We encourage you to carefully review your recent credit card statements to identify any unauthorized activity. If you find any unauthorized activity please contact your credit card issuer or bank immediately. You may also consider changing your credit card number if you are concerned for the security of your card details. International Checkout deeply regrets any inconvenience this will cause. For more information regarding the security issue please feel free to contact International Checkout by email to discuss this further at: Information () InternationalCheckout com You can also contact International Checkout's Customer Service by phone on any of the following numbers between the hours of 6:30 a.m. and 6:30 p.m. PST: USA and Canada: +1.866.682.0641 USA Phone: +001.310.601.8196 UK Phone: +44.20.8133.2436 Australia Phone : +61.28003.4685 Denmark Phone : +45.369.50312 Sweden Phone : +46.4069.35779 Hong Kong Phone : +852.8175.6057 Japan Phone : +81.50553.46826 Finland Phone : +358.(02)3619.0437 Brazil Phone : +55.(11)3230.9539 Ireland Phone : +353.1443.3715 Mexico Phone : +52.558.421.8266 New Zealand Phone : +64.9889.0408 You can also find answers to questions you may have in the FAQs below. Sincerely, International Checkout Inc. ___________________________________________________________________________________________________ International Checkout Security Breach FAQ's November 29, 2011 Q1: What is this about? A1: International Checkout has been the victim of a recent security breach. In mid-September, 2011 we discovered that an intruder accessed and potentially compromised our system. We immediately commenced an investigation, notified law enforcement, purged credit card data from our databases to ensure no future vulnerability, and have consulted with both our processor and the credit card associations. Through this investigation, which was just completed on October 31, 2011, we learned that on August 23, 2011, an intruder gained access to part of our system that contained credit card numbers of customers. The credit card information in that database was encrypted, but we have learned that the intruder was able to access the encryption key that was stored separately. International Checkout has implemented all security enhancements recommended by the third party investigator to improve our system security. In addition, we have successfully moved our website to a new system t hat has stronger security measures in place. Q2: What is International Checkout doing? A2: As a precaution, International Checkout is providing notification to people whose information may have been in the database that was accessed so that if it turns out the information was compromised in any way, they can take appropriate action to protect themselves. We have conducted a thorough investigation through a well-recognized third party expert. We have contacted law enforcement and are providing law enforcement, our processor and the card associations with our full cooperation. Q3: What information was in the database that was hacked? A3: The database that was hacked into by the intruder contained credit card numbers of customers. The credit card information in that database was encrypted, but we have learned through our investigation that the intruder was able to access the encryption key that was stored separately. Q4: Were credit card numbers exposed? A4: Yes. Q5: Were bank account numbers exposed? A5: No. Q6: If my information was in the file, what should I do? A6: If you received an email from International Checkout then you name was in one of the files that were accessed. Your credit card number was also in that file. You should review your account statements carefully to see if there have been any charges that you have not authorized. If there are, contact your bank or card issuer immediately at the number on your monthly statement. Even if there has been no unusual activity on your account, you can ask your bank to change your account number. Mark on your calendar to review all this information again every three months. Sometimes identity thieves will wait for time to pass before using your information. Q7: How will I know if my information was used by someone else? A7: You should check your account statements carefully. If someone else has used your bank account or credit card number the activity will appear on your statement. If you see activity that you did not authorize, call your bank or card issuer at the number on the back of your statement immediately and tell them that the activity was not authorized and ask the bank to change your account number Q8: Should I close my bank account or change my account or credit card number? A8: You should review your account activity carefully. Even if you do not find any unusual activity, you may want to contact your bank or credit card issuer to discuss whether you should request a change of account number as a precaution. Q9: Will International Checkout contact me to ask for my personal information because of this event? A9: No. We will not contact you unless you call or write to us first. We will not call you to ask for bank account information or personal identification numbers (PINs) or for your full credit card or social security number. If you are contacted directly by someone who claims to be with International Checkout and who ASKS YOU FOR YOUR PERSONAL INFORMATION, please immediately contact us on the Customer Service details above. This message was sent to meunier () ccs neu edu from: International Checkout | 7950 Woodley Ave. Unit C | Van Nuys, CA 91406 _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- International Checkout Philippe Meunier (Dec 01)