Rumor has it from a reliable source

Moderator: Palmtana

  • Author
  • Message
Offline

The Last Druid

  • Posts: 1906
  • Joined: Wed Aug 29, 2012 9:13 pm

Rumor has it from a reliable source

PostWed Feb 10, 2021 7:09 pm

that SOM had a major credit card hacking breach. Apparently they are legally required to notify us that our credit cards may have been compromised, but have done nothing.

If this turns out to be true, they need to be held accountable.
Offline

Paul_Long71

  • Posts: 6211
  • Joined: Thu Aug 23, 2012 3:48 pm

Re: Rumor has it from a reliable source

PostWed Feb 10, 2021 7:18 pm

I had my card hacked last month and had to get a new one....this was right after purchasing credits...so this is possible.

I got no notification from Strat though....hmmmmm
Offline

freeman

  • Posts: 922
  • Joined: Wed Feb 05, 2014 6:55 am

Re: Rumor has it from a reliable source

PostWed Feb 10, 2021 7:27 pm

If you bought anything recently using a credit card from Strat...you need to check with your credit card company. Well, actually if you ever bought anything from Strat you should check. I heard they were hacked and checked with my credit card company and there were fraudulent charges.

And yes it's hard to believe we havent all been notified so that we can protect ourselves
Last edited by freeman on Wed Feb 10, 2021 7:29 pm, edited 1 time in total.
Offline

The Last Druid

  • Posts: 1906
  • Joined: Wed Aug 29, 2012 9:13 pm

Re: Rumor has it from a reliable source

PostWed Feb 10, 2021 7:28 pm

Just got a league message that SOM sent one of the victims a notice of being hacked two days ago.
Offline

STEVE F

  • Posts: 4253
  • Joined: Tue Mar 19, 2013 2:08 pm

Re: Rumor has it from a reliable source

PostWed Feb 10, 2021 7:30 pm

I've received two emails from Strat, updating me on the situation. Unfortunately , I already had a fraudulent charge on my credit card on Monday. I was able to get it reversed and canceled that card.
Offline

The Last Druid

  • Posts: 1906
  • Joined: Wed Aug 29, 2012 9:13 pm

Re: Rumor has it from a reliable source

PostWed Feb 10, 2021 7:44 pm

Just received an email from SOM at 6:38 EST (7:38 on their warped boards time) admitting the breach, saying they have now joined a long list of businesses that have been hacked and that at least there was no identity theft. Guess we are supposed to be grateful for small favors.
Offline

egvrich

  • Posts: 1436
  • Joined: Thu Aug 30, 2012 4:17 pm

Re: Rumor has it from a reliable source

PostWed Feb 10, 2021 8:32 pm

Why the hell would only some people get notified would be my questions. I had to cancel my credit card about 4 weeks ago because of fraudulent charges.

Someone tried to buy a very expensive chess set and have it shipped to a guy named Bruce ... :lol:

Seriously though I did have to cancel my card. Fortunately, I haven't purchased any credits on the new card yet.
Offline

Hack Wilson

  • Posts: 1134
  • Joined: Thu Aug 23, 2012 6:16 pm

Re: Rumor has it from a reliable source

PostWed Feb 10, 2021 8:47 pm

I had my card compromised about a month or so ago, could've been due to this. No emails to me from SOM. Figures :evil:
Offline

emart

  • Posts: 1353
  • Joined: Fri Aug 24, 2012 12:16 am

Re: Rumor has it from a reliable source

PostWed Feb 10, 2021 9:09 pm

Hack Wilson wrote:I had my card compromised about a month or so ago, could've been due to this. No emails to me from SOM. Figures :evil:


Same here.
Offline

ROBERTLATORRE

  • Posts: 1296
  • Joined: Thu Aug 23, 2012 3:36 pm

Re: Rumor has it from a reliable source

PostWed Feb 10, 2021 9:14 pm

It looks like if you are on the marketing email list, you got notified.

Code: Select all
February 8th, 2021

To our loyal customers-

We are writing to let you know that we just learned that several customers who used credit cards on our website during January and February 2021 were subsequently notified of fraudulent transactions on their credit cards.  Upon learning this information, we immediately began an investigation and took steps to ensure the security of our website. 

When we complete our investigation, we will be back in touch with additional information, but wanted to send you this notice in the meantime so that you can immediately contact your credit card company and ensure that you are not impacted as well.

In addition, we have taken the proactive step of disabling credit card functionality on our website. You can still place new orders and securely pay with your credit card through the link on our site to PayPal, even if you don’t have a PayPal account. 

We have also engaged a third party to investigate and we will update as we learn more.

Any pre-order previously placed will be sent upon commencement of shipping later this month.

Apologies for any inconvenience this has caused our amazing customers and community.   

Be well.  Play well.

Your Friends at Strat-O-Matic


A couple things on this, only because it's part of what I oversee in my work.

The scope of the communication really should have been driven by the contact info in the online order platform and not the marketing database, but it's a mom and pop shop so they probably don't know that.

When breaches happen, the standard incident response is to notify ALL of the online customers, regardless of when the transaction occurred. Then, it is common operating procedure to offer the at risk customers free identity fraud protection (like NortonLifeLock, Experian, IdentityGuard...) for 12-24 months, paid for by the company.

SOM is a very small company and probably don't have the experience to know what the best practices are unfortunately. Per their email, they are outsourcing the investigation, not unheard of in a company this size, and hopefully the cyber security company will advise to follow up with a more thorough communication and complimentary identity fraud protection.

I don't expect that SOM will pick up the cost for the monitoring though, hopefully I am wrong. If they don't, these services aren't very expensive for an individual and can be valuable if you have an active online consumer presence. You could consider signing up on your own. Some even have trials that you can sign up for, free of charge for 30-60 days.

It's important to keep in mind though, that the time frame of the risk extends well beyond immediate period after the breach occurred. Information is sold and traded in the identity theft community and can be used up until the expiration date of the credit card (the expiration date is part of the breach data).

I hope this was helpful to anyone that is concerned about the risk associated with the breach. I've gotten a lot from this community over the years and would be glad if this was a chance to contribute back to it.

Rob
Next

Return to Strat-O-Matic Baseball: All-Time Greats

Who is online

Users browsing this forum: No registered users and 11 guests