[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Full-disclosure] International Checkout
- To: full-disclosure@xxxxxxxxxxxxxxxxx
- Subject: [Full-disclosure] International Checkout
- From: Philippe Meunier <meunier@xxxxxxxxxxx>
- Date: Thu, 1 Dec 2011 13:33:14 -0500
Hello,
Read the email below if you want to laugh a little. Especially the
answer to question 1 in the FAQ at the end of the email. No word on
how they were pirated or how many credit card numbers were stolen
though, but obviously I'm not the only who's received that email:
http://forums.whirlpool.net.au/archive/1822778
Anyway, I guess it's alright, since the "Security" section of their
privacy policy helpfully indicates that "by using this web site, you
acknowledge that the Internet is inherently insecure and that there is
always a risk that your personally identifiable information could be
intercepted or otherwise accessed and improperly used", which seems to
be their way of saying that, whatever happens, it's just going to be
the fault of the Internet, not theirs:
http://www.internationalcheckout.com/privacy.php
(and I guess "We take commercially reasonable precautions to protect
your personally identifiable information" is just their way of saying
they care about protecting my data only as long as it doesn't cost
them too much to do so...)
Bleh.
Philippe
============================================================
From: "International Checkout Customer Support"
<Information@xxxxxxxxxxxxxxxxxxxxxxxxx>
To: meunier@xxxxxxxxxxx
Subject: Important Information Regarding Your Purchase at International Checkout
Date: Wed, 30 Nov 2011 00:41:06 -0500
Dear Customer,
You have made a purchase of Dr. Martens through International Checkout in the
last 18 months and Dr. Martens has asked us to ensure you are advised of a
recent security issue which took place with International Checkout's online
system.
International Checkout was recently the victim of a system intruder who was
able to access encrypted credit card information.
International Checkout has conducted a thorough investigation into the
potential risks to our customers. You are receiving this email from
International Checkout because your credit card information was in the database
which was compromised. We have taken all necessary action to ensure our systems
at International Checkout meet recommended and compliant security levels.
We encourage you to carefully review your recent credit card statements to
identify any unauthorized activity. If you find any unauthorized activity
please contact your credit card issuer or bank immediately. You may also
consider changing your credit card number if you are concerned for the security
of your card details.
International Checkout deeply regrets any inconvenience this will cause.
For more information regarding the security issue please feel free to contact
International Checkout by email to discuss this further at:
Information@xxxxxxxxxxxxxxxxxxxxxxxxx
You can also contact International Checkout's Customer Service by phone on any
of the following numbers between the hours of 6:30 a.m. and 6:30 p.m. PST:
USA and Canada: +1.866.682.0641
USA Phone: +001.310.601.8196
UK Phone: +44.20.8133.2436
Australia Phone : +61.28003.4685
Denmark Phone : +45.369.50312
Sweden Phone : +46.4069.35779
Hong Kong Phone : +852.8175.6057
Japan Phone : +81.50553.46826
Finland Phone : +358.(02)3619.0437
Brazil Phone : +55.(11)3230.9539
Ireland Phone : +353.1443.3715
Mexico Phone : +52.558.421.8266
New Zealand Phone : +64.9889.0408
You can also find answers to questions you may have in the FAQs below.
Sincerely,
International Checkout Inc.
___________________________________________________________________________________________________
International Checkout
Security Breach FAQ's
November 29, 2011
Q1: What is this about?
A1: International Checkout has been the victim of a recent security breach.
In mid-September, 2011 we discovered that an intruder accessed and potentially
compromised our system. We immediately commenced an investigation, notified
law enforcement, purged credit card data from our databases to ensure no future
vulnerability, and have consulted with both our processor and the credit card
associations. Through this investigation, which was just completed on October
31, 2011, we learned that on August 23, 2011, an intruder gained access to part
of our system that contained credit card numbers of customers. The credit card
information in that database was encrypted, but we have learned that the
intruder was able to access the encryption key that was stored separately.
International Checkout has implemented all security enhancements recommended by
the third party investigator to improve our system security. In addition, we
have successfully moved our website to a new system t
hat has stronger security measures in place.
Q2: What is International Checkout doing?
A2: As a precaution, International Checkout is providing notification to
people whose information may have been in the database that was accessed so
that if it turns out the information was compromised in any way, they can take
appropriate action to protect themselves. We have conducted a thorough
investigation through a well-recognized third party expert. We have contacted
law enforcement and are providing law enforcement, our processor and the card
associations with our full cooperation.
Q3: What information was in the database that was hacked?
A3: The database that was hacked into by the intruder contained credit card
numbers of customers. The credit card information in that database was
encrypted, but we have learned through our investigation that the intruder was
able to access the encryption key that was stored separately.
Q4: Were credit card numbers exposed?
A4: Yes.
Q5: Were bank account numbers exposed?
A5: No.
Q6: If my information was in the file, what should I do?
A6: If you received an email from International Checkout then you name was
in one of the files that were accessed. Your credit card number was also in
that file.
You should review your account statements carefully to see if there have been
any charges that you have not authorized. If there are, contact your bank or
card issuer immediately at the number on your monthly statement. Even if there
has been no unusual activity on your account, you can ask your bank to change
your account number.
Mark on your calendar to review all this information again every three months.
Sometimes identity thieves will wait for time to pass before using your
information.
Q7: How will I know if my information was used by someone else?
A7: You should check your account statements carefully. If someone else
has used your bank account or credit card number the activity will appear on
your statement. If you see activity that you did not authorize, call your bank
or card issuer at the number on the back of your statement immediately and tell
them that the activity was not authorized and ask the bank to change your
account number
Q8: Should I close my bank account or change my account or credit card
number?
A8: You should review your account activity carefully. Even if you do not
find any unusual activity, you may want to contact your bank or credit card
issuer to discuss whether you should request a change of account number as a
precaution.
Q9: Will International Checkout contact me to ask for my personal
information because of this event?
A9: No. We will not contact you unless you call or write to us first. We
will not call you to ask for bank account information or personal
identification numbers (PINs) or for your full credit card or social security
number. If you are contacted directly by someone who claims to be with
International Checkout and who ASKS YOU FOR YOUR PERSONAL INFORMATION, please
immediately contact us on the Customer Service details above.
This message was sent to meunier@xxxxxxxxxxx from:
International Checkout | 7950 Woodley Ave.
Unit C | Van Nuys, CA 91406
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/