credit card information

Tide fans ordering from Bamastuff.com may have had credit card information stolen

Jan 26th, 2012
by admin.
No comments yet

Alabama apparel.jpgCredit card users who ordered University of Alabama merchandise from Bamastuff.com may have had information stolen. (The Huntsville Times/File photo)

TUSCALOOSA, Alabama – University of Alabama fans who bought items from Bamastuff.com between Aug. 1, 2009, and Jan. 16, 2012, are being alerted to contact their banks for possible illegal and unauthorized use of their credit cards.

Bamastuff.com has sent out email notifications informing customers about a breach in its database, which was discovered this week by the company’s IT director, David H. Jones.

In his email, Jones says information including customers’ names, email addresses, billing and shipping addresses, telephone numbers, credit card information and/or a cryptographically scrambled passwords (not the actual password) could have been stolen.

“We can’t tell you how sorry we are this has happened and apologize for any inconvenience this has caused,” Jones said in the email. “We are still investigating to see how it happened and to figure out exactly what was taken but to err on the cautious side we wanted to inform you of this incident. “

In a phone interview with The Huntsville Times, Jones said he knows of numerous fraudulent charges made on Bamastuff.com customers’ bank accounts.

“Most have been reversed, but we just don’t know about others yet,” he said.

Jones urged everyone receiving his email to contact their bank and to change their password if it is the same as the one used to make orders with Bamastuff.com.

“We are still investigating the server’s log files to pinpoint exactly what was taken and how, but we suggest if you have not already taken action (due to prior bank notification) to cancel and/or change your credit or debit card associated with your order, to do so immediately,” he wrote.

The email included the expiration date of the card used so customers will know which card was used, although most are likely past their expiration date, he said.

“We wanted to be safe and alert everyone regardless of how old the data was,” he wrote. “If you receive multiple emails, it is because you had multiple cards in the system for different orders.”

Jones said they are fairly certain that orders placed after Jan. 16 are not affected based on the access logs on the server.

“It appears to be a one time attack and we have taken numerous steps to fend off any future ones,” he said. “We suggest those who placed their first order with us after (Jan. 16) to monitor their bank statements for any fraudulent activities.”

Jones also said old orders, including names, addresses and credit card numbers, are being archived and customer data is being deleted from the system for those not placing an order with Bamastuff.com since the start of the 2009 season.

“We also recommend that you change your password on any other website where you use the same or a similar password,” he said, and cautioned customers to never give out their account number over the phone or in an email if they receive a call from someone claiming to be with Bamastuff.com.

To protect against future theft, he said the company has upgraded and installed various security software to monitor activity.

Customers are asked to go to Bamastuff.com’s account page and sign in and click “Password.” but Jones said don’t worry if you can’t log into the system.

“We removed all orders older than Aug. 1, 2009, and then all customer and address information that no longer had an ‘active’ order in the system. so if it says you don’t exist, you haven’t ordered since August 2009 and are no longer in our database.”

For questions, concerns or comments, a special email account has been set up at ccinfo@bamastuff.com.

Tide fans ordering from Bamastuff.com may have had credit card information stolen

WAVE 3 News – Louisville, KentuckyElectronic pickpockets can steal credit card numbers out of air

Dec 14th, 2011
by admin.
No comments yet

LOUISVILLE, KY (WAVE) – we all know to keep an eye out for criminals during the holiday shopping season. What you may not know is that thieves can now steal your credit card information without the card ever leaving your purse. the WAVE 3 Troubleshooter discovered technology that is supposed to make your life easier could actually be making you a target. you may have one of these at risk cards, and not even know it. but the Troubleshooter Department found some simple ways you can protect yourself. as he walked across Fourth Street Live! In downtown Louisville, Nathan Lee watched his credit card information swiped right from his pocket, right out of the air. all thanks to technology he didn't even know he had in his wallet.”Kind of an eye opener,” Lee said. “I didn't think it was that easy.”But Walt Augustinowicz, CEO of a company called Identity Stronghold, said it is surprisingly easy to steal account information off credit or debit cards equipped with RFID, or radio frequency identification. Cards equipped with RFID have a small chip inside connected to an antenna that lets you wave your card to pay using special readers found at an increasing number of stores. but Augustinowicz said that tiny chip can cause you big problems.”The word has not got out to most people,” Augustinowicz said. “They don't realize these cards are just broadcasting their credit card numbers.”Augustinowicz's company makes sleeves for federal and state agencies that want to protect information contained in RFID badges and ID cards. “You know people need to know they can get a sleeve or get a shielded wallet so that they are protected,” he said. “If they don't do that they might as well just print their credit card information on the back of their shirt and walk around in public because it's no different.”Using a homemade device pieced together from electronics bought off the Internet for around $100, Augustinowicz showed us how easy it is for  thieves to get a return on that investment. Using willing participants in public areas, Augustinowicz was able to electronically obtain the card type, number and expiration date from 4 different people with RFID credit cards in about an hour.”It's really creepy to know that people can get your credit card information without you ever even knowing it,” said Elizabeth Garcia after Augustinowicz used his device to get her card information without ever taking it out of her purse.In response to questions from the WAVE 3 Troubleshooter Department, American Express called the threat of electronic pick pockets “extremely small. MasterCard said they are seeing “zero fraud from contactless transactions” using RFID cards.but the Troubleshooter Department uncovered documents from Visa that seem to indicate the threat is real. a 2005 patent request from Visa included this: “it is entirely possible that a contactless reader may be used for surreptitious interrogation (e.g., data skimming).”Visa said that patent request was written when RFID technology was first being developed and additional layers of security have been added to cards since then. Visa also said security code and addresses cannot be skimmed using RFID, making fraud difficult. the company repeated what other card companies told us: that data skimming using RFID is simply not an issue. but Augustinowicz said the card companies are trying to minimize the problem.”They know this is an issue,” Augustinowicz said. “They know these cards can be read.”Augustinowicz suggests slipping RFID cards into a sleeve that blocks the radio frequency so thieves can't grab it out of the air, or keep RFID cards in an electromagnetic sealed wallet. both products can be found on his company website. Visa suggested the only reason Augustinowicz is peaking out is to sell his card sleeves and wallets.

Follow the WAVE 3 Troubleshooter on twitter, or friend him on Facebook.

Copyright 2011 WAVE News. all rights reserved.

WAVE 3 News – Louisville, KentuckyElectronic pickpockets can steal credit card numbers out of air

WLOX-TV and WLOX.com – The News for South MississippiCredit card fraud overshadows holiday shopping

Dec 10th, 2011
by admin.
No comments yet

BILOXI, MS (WLOX) –

While you're on the lookout for that perfect holiday deal, thieves are on the lookout for your personal information.

“We see a lot more fraud of every kind, including credit card fraud,” said Jackie Rhodes of the Biloxi Police Department.

Online shopping makes knocking out your Christmas list easy, but that convenience also puts your credit card information at risk.

“They [hackers] can get your credit card number. they can get the little three digit number on the back, and if they have those two things they can go online and buy anything they want to,” said Rhodes.

Police say that if you are shopping online to make sure the website has a security certificate. also, if you're using Wi-Fi, make sure it's password protected.

“If it doesn't have a security certificate, don't give any credit card information because there is somebody on the other end collecting that information,” said Rhodes.  “Next thing you know, you have a $20,000 charge on your credit card that you know nothing about.”  

Even when shopping in person, you still need to keep an eye on your surroundings.

“If somebody is standing by you with a phone in hand, they could be taking a picture of your credit card number. they could be taking a picture of what numbers you type into a key pad. Pay attention to that. Trust your instincts,” said Rhodes.

Even discarded receipts could hold valuable information.

Rhodes also suggests carrying only enough cash to cover your purchases, and only carry the credit cards you use.

If you see any suspicious activity, police say to alert a security guard or ask a store employee for help.

Copyright 2011 WLOX. all rights reserved.

WLOX-TV and WLOX.com – The News for South MississippiCredit card fraud overshadows holiday shopping

← Earlier Posts