WARNING: TFSource Credit Card Info Compromised
Chad Rushing
http://www.tfw2005.com/boards/transformers-general-discussion/286348-warning-tfsource-account-billing-info-compromised.html
or
http://tinyurl.com/tfsource-compromised
It seems that the 3rd party vendor that TFSource.com uses (along with
other companies) has had some of its customer info hacked, and people
are starting to see mysterious charges show up on their credit card
accounts. That being the case, I suggest anyone who has a credit card
number registered with TFSource (a) login and delete it and (b) call
the credit card company to see if charges to iTunes(?) or something
like that have recently been made.
I read that some people were having their credit cards canceled, but
that should be the -last- option one should take, since opening a new
card (even with the same bank) hurts your credit score and canceling a
card can reduce the age of your credit history (depending on which
card you cancel) which also hurts one's credit score. It's really a
matter of how much one is willing to wait and see if anything happens
if nothing has happened already.
- Chad
Gustavo Wombat
> I just read the following warning over on tfw2005.com:
>
> orhttp://tinyurl.com/tfsource-compromised
>
> It seems that the 3rd party vendor that TFSource.com uses (along with
> other companies) has had some of its customer info hacked, and people
> are starting to see mysterious charges show up on their credit card
> accounts. That being the case, I suggest anyone who has a credit card
> number registered with TFSource (a) login and delete it
That's probably too late.
> and (b) call
> the credit card company to see if charges to iTunes(?) or something
> like that have recently been made.
Always check your credit card statements. Well, glance at them. If you
see something you don't recognize, it is probably a retailer using a
weird abbreviation for reporting, but give the credit card company a
call and they can tell you who it is.
> I read that some people were having their credit cards canceled, but
> that should be the -last- option one should take, since opening a new
> card (even with the same bank) hurts your credit score and canceling a
> card can reduce the age of your credit history (depending on which
> card you cancel) which also hurts one's credit score. It's really a
> matter of how much one is willing to wait and see if anything happens
> if nothing has happened already.
You can usually have the bank change your card's number, without it
affecting your credit score -- the account doesn't change, just the
card number. There's a huge difference between reporting a card stolen
and canceling the card.
It will screw up any auto-pay you may have set up, so you have to redo
those, or you will screw up your credit score when your auto-pay fails
and you just ignore the increasingly angry messages from your cell
phone company.
With both credit cards and debit cards, you are only responsible for
the first $50 of fraudulent charges, and most issuers wave that. The
issuer and the store where the stolen cards are used are responsible
for the rest.
With a debit card, that doesn't help put money back into your account
before you need to pay rent, as the reimbursement process is doubtless
slow and complicated. If you registered your Visa backed debit card at
TFSource, I would get the number changed immediately -- and then get a
credit card, so the next time this happens, it's the bank that doesn't
have the money while things are being resolved, not you.
Otherwise, just check your bills, report any fraudulent charges, and
don't worry about it too much -- the stuff you should be doing anyway.
Gustavo! (who does not use debit cards, and insists on ATM cards that
aren't debit cards...)
Chad Rushing
>
> > That being the case, I suggest anyone who has a credit card
> > number registered with TFSource (a) login and delete it
>
> That's probably too late.
If -all- the card numbers were stolen, then I agree. However, there's
always a slim chance that there was just a partial theft of info and/
or that a second unscrupulous person could try to repeat what the
first scoundrel has already done. Regardless, I would not have any
credit card numbers stored with TFSource.com until their or their
vendor's security hole is identified and fixed.
> Always check your credit card statements. Well, glance at them. If you
> see something you don't recognize, it is probably a retailer using a
> weird abbreviation for reporting, but give the credit card company a
> call and they can tell you who it is.
Also, some people commented on the thread that the fraudulent charges
had been marked as "pending" by their credit card companies, so they
had to go so far as to have a representative check their account over
the phone for any charges held in the "pending" state.
- Chad
Travoltron
card and the company luckily caught it and blocked it.
I have to be issued a new card now thanks to this.
Has TFSource said anything about this?
They really should have been the ones to inform all their customers
about this.
Chad Rushing
I got an e-mail from them the other day about it, and they responded
at the top of the thread that was posted. Supposedly, the credit card
info was stored with a 3rd party vendor, so it may have been them that
were hacked instead of TFSource proper.
- Chad
Travoltron
>
> I got an e-mail from them the other day about it, and they responded
> at the top of the thread that was posted. Supposedly, the credit card
> info was stored with a 3rd party vendor, so it may have been them that
> were hacked instead of TFSource proper.
Thanks. I've heard nothing from them... weird.
Chad Rushing
>
> Thanks. I've heard nothing from them... weird.
Here's that e-mail from TFSource that I received on Friday:
-------------------------------------------------------
SUBJECT: TFSource Customer Alert
Dear TFsource Members,
It has come to our attention that some of our customers information
may have been compromised based on an attack that resulted in
fraudulent charges being attempted on some customers credit card
accounts.
We are recommending each customer who has a credit card on file with
TFsource to review your statements and contact your credit card issuer
immediately. Additionally please contact us if you would like us to
remove all of your card data from your account.
Only a sub-segment of our customers so far has been affected, and this
could be a larger issue outside of TFsource, but regardless it is our
recommendation for all customers of TFsource to be safe and follow the
above course of action.
Note: If you make purchases on TFsource via Paypal, Paypal is a
trusted 3rd party and not affected, and is always a secure way to pay
on TFsource. Also customers who pay with check or money order are not
affected.
We are still investigating this matter and have been working
diligently adding additional layers of security to our website, as
well as with our 3rd party credit card processor regardless of where
the issue originated. We will be continuing this process and adding
further security to the site over the next few days and looking at
long term solutions to restore confidence to all who visit our site
and ensure TFsource is always a secure site to shop at.
We realize this is very frustrating for all involved. We at TFsource
have always operated this business with the highest level of
integrity, and I can personally assure you that no one internally at
TFsource was involved in any of these actions.
Finally we would like to thank all that were persistent in bringing
this matter to our attention as early as possible. Without the
community and support we would not have been able to begin immediately
investigating this issue.
Sincerely,
Curt
-------------------------------------------------------
If not all fraudulent charges were made immediately, people may want
to recheck their credit cards this week.
- Chad