WTSO was partially hacked. Payment info still secure.

[John M.]

I know a lot of us use this site...here is the letter I just received.


To our valued Members,

From WTSO’s inception we have taken numerous precautions to protect and keep your data secure. We discovered that over the weekend we had a brief intrusion into our site in which your email address may have been compromised. However, you can be assured that your payment information and your billing and shipping addresses remain secure. By design, it is impossible for anyone to have gained access to any credit card information because we do not keep those records in our database and for your protection use a third party processor (www.Authorize.net) to manage all credit card profiles and authorizations.
Any request for information from communications claiming to be from WTSO should be disregarded as such requests will not be legitimate. Further, we will never ask you for credit card numbers or usernames through an email request and we will not ask for your password in any situation. We will mainly communicate with you through one of the following email addresses:
• now@wtso.com - our wine notification emails
• wines@wtso.com - our customer service correspondence
• info@wtso.com - event notifications (Marathons, charity events, etc.)
• announcement@wtso.com - other WTSO messages
WTSO’s commitment to service includes your security as well as providing you great wines at extraordinary pricing. We continue our strategy of taking preemptive steps in order to maintain your security and confidence by partnering with a forensics and security firm to conduct a thorough investigation of the incident and our website. We are further examining additional measures we can take that would prevent any potential future compromise.
We remain grateful for your loyalty and acknowledge that we must strive to earn that loyalty each and every day. If you have any questions or concerns please contact customer service at wines@wtso.com.

Thank you,

Joe Arking

Founder and CEO
WTSO.com

[John F. Newman]

Every business that has been hacked, it seems, first tells everyone that their payment info is secure... many refuse to let their customers know until the company knows the extent... meanwhile you are getting charges from Nigeria and China.

Here is what I would do if I knew WTSO had ever had my account info: figure out what card it is, then ask my credit/debit card company for a new card. Done. They will issue a new card immediately, and if you plan on traveling internationally (and from the US) request a card with a chip in it. (Visa and Mastercard are mandating in the U.S. that chip technology be used by Oct. 1, 2015 - too long of a story to explain the details, but it won't all happen by then)

There are consumer protections available if your account info was taken and that info was used, but why go through the bother after your checks start bouncing, or you get that crazy bill and have to explain it to the credit card company.

[Eric Menchen]

There are consumer protections available if your account info was taken and that info was used, but why go through the bother after your checks start bouncing, or you get that crazy bill and have to explain it to the credit card company.

Because you have to update every other account that might be using that credit card? I easily have 5-10 things auto-billing on my credit card, and 5-10 more wine companies that I just tell, "Bill my credit card on account." Oh, then there is newegg, PayPal ...

[Glenn E.]

I no longer store credit card info with websites, and haven't for some time. I just type it in every time I need to make a purchase.

[John F. Newman]

There are consumer protections available if your account info was taken and that info was used, but why go through the bother after your checks start bouncing, or you get that crazy bill and have to explain it to the credit card company.

Because you have to update every other account that might be using that credit card? I easily have 5-10 things auto-billing on my credit card, and 5-10 more wine companies that I just tell, "Bill my credit card on account." Oh, then there is newegg, PayPal ...

What can I say... You are right, it's a pain to go and change everything. On the other hand, I've become more paranoid about this sort of stuff (and yes, they are out to get me... and you too!).

If you are a victim of credit, ATM or debit card fraud, here is a good site to check out. http://www.consumer.ftc.gov/articles/02 ... ebit-cards
I've heard some banks trying to stick the customer with the credit card fraud, but right now, the financial institutions bear the liability subject to certain terms.