Author Topic: Security Breach at Midwest Supplies  (Read 2409 times)

Offline gymrat

  • Brewmaster
  • *****
  • Posts: 826
  • Ralph's Brewery
    • View Profile
Security Breach at Midwest Supplies
« on: September 03, 2013, 10:46:45 AM »
This is from another forum where it was reposted from HBT.

This was posted on HBT over the weekend by Midwest Supplies:

    Recently we learned that despite our best efforts the security of our website was breached by an outside party. For certain types of transactions, this breach may have resulted in the outside party being able to capture and use customer credit card information entered at the time of the transaction. When we identified the breach, we immediately secured our servers, hired a technical team to investigate and help resolve the situation, notified the credit card companies and law enforcement, and obtained legal counsel specializing in computer hacking to help us navigate the very specific legal notification requirements for all 50 states. At this time, all of the notifications have been made, and letters have been sent to all customers that may have been impacted. We regret not providing an update sooner, but we did not want to comment publicly until our investigation was complete and we were able to identify and notify those potentially affected.

    Our investigation has now been completed and we are satisfied that the situation has been resolved and that all affected customers have been identified. We have also implemented extensive steps to prevent this kind of incident from happening again. In addition, we sent a letter to each customer who may have been impacted, notifying them of the incident and providing our sincere apology and a credit for $25 worth of homebrewing or winemaking supplies. If you have any questions or concerns please contact our customer service department by phone at 888-449-2739. Rest assured that if you were not contacted you were not among the customers impacted.

    We have spent many years working to earn your trust and loyalty. And we recognize an attack like this can undermine that trust. As one brewer to another, you can rest assured that we won’t rest until you’ve brewed your best.

    David Kidd

    President
    __________________
    Beer and Wine Making Supplies since 1995
    http://www.midwestsupplies.com

One of the reasons I have always liked them better than Northern Brewer is that they accept paypal. I really feel a lot safer using paypal over credit cards online.
Ralph's Brewery
Topeka, KS

Offline beersk

  • Senior Brewmaster
  • ******
  • Posts: 1878
  • In the night!
    • View Profile
Re: Security Breach at Midwest Supplies
« Reply #1 on: September 03, 2013, 01:58:21 PM »
Saw that. They aren't getting very positive responses. I think I had my card number stolen a couple years ago. A charge showed up on my account from California, some flower shop. The only place I had been using it much online was Midwest.
But I'm not blaming them, really. Hopefully, they have it all resolved.
Watch out for those Cross Dressing Amateurs!

Offline tomsawyer

  • Senior Brewmaster
  • ******
  • Posts: 1681
    • View Profile
Re: Security Breach at Midwest Supplies
« Reply #2 on: September 03, 2013, 02:06:19 PM »
This explains why my card was used in MN and AU recently.  Fortunately the card company didn't allow the charges to go through.  I contacted Midwest today and they said they had sent me a letter that is supposed to get here tomorrow.  Glad to hear they accept Paypal, I'll go that route in the future.
Lennie
Hannibal, MO

Offline Thirsty_Monk

  • Senior Brewmaster
  • ******
  • Posts: 1842
  • Eau Claire WI
    • View Profile
Re: Security Breach at Midwest Supplies
« Reply #3 on: September 03, 2013, 02:19:49 PM »
Sorry to hear that but processing credit cards is not a trivial thing.

There is such a thing that is called PCI compliance.

These are the rules that every credit processor have to comply with.
I think they are in a big trouble.
Na Zdravie

On Tap At The TapRoom:
Bohemian Pilsner
Bohemian Dark Lager
Smoked Bock
MaiBock
American Brown Ale
Marzen
Root beer

Offline madscientist

  • Brewer
  • ****
  • Posts: 321
    • View Profile
Re: Security Breach at Midwest Supplies
« Reply #4 on: September 03, 2013, 04:59:02 PM »
Well.. this certainly explains some issues I noticed in early July.

My wife ordered me a kegging system for my birthday on her CC.  She made an account and accumulated enough points for me to get a free picnic tap for it, so I bought some other stuff as well using my CC.  A few weeks later my wife notices fraudulent charges on her CC.  A week or so later, I see fraudulent charges on mine.  It didn't occur to us it may have been midwest supplies.  Shame too, because I've ordered from both them and NB several times, and have never had any issues with the order.
Homebrewed since 2010

Offline hopfenundmalz

  • Official Poobah of No Life.
  • *
  • Posts: 4535
  • Milford, MI
    • View Profile
Re: Security Breach at Midwest Supplies
« Reply #5 on: September 03, 2013, 06:38:56 PM »
Now I know where the security problem occurred. The credit card co. Fraud protection saw a fishy charge to "payroll Services" for $1. Then there was another charge before it was frozen and I was contacted. Got the letter today.
Jeff Rankert
Ann Arbor Brewers Guild, AHA Member, BJCP Certified
Home-brewing, not just a hobby, it is a lifestyle!

Offline tcanova

  • Assistant Brewer
  • ***
  • Posts: 182
  • Fayetteville Arkansas
    • View Profile
Re: Security Breach at Midwest Supplies
« Reply #6 on: September 03, 2013, 06:39:43 PM »
This is why I always keep all my credit cards completely maxed.  Just let some crook try and use on of mine and they will experience the same shame I experience every day when the clerk says "I'm sorry sir, it says declined."    :o
What's the worst that could happen?  Beer?


Wooo Pig Sooiee

Offline erockrph

  • Brewmaster General
  • *******
  • Posts: 2415
  • Chepachet, RI
    • View Profile
    • Critical Tastings
Re: Security Breach at Midwest Supplies
« Reply #7 on: September 04, 2013, 05:34:49 AM »
I got the letter, but no issues on my credit card so far. So AFAIC it's a free $25 gift certificate, and I need some stuff anyways. Sucks that it happened, but I'm happy to see that they're taking the right steps to at least try to make this right. I've always had excellent customer service from Midwest, and I will continue to use them in light of this issue.
Eric B.

Finally got around to starting a homebrewing blog: The Hop Whisperer

Offline mtnrockhopper

  • I spend way too much time on the AHA forum
  • ********
  • Posts: 2881
  • Delaware
    • View Profile
Re: Security Breach at Midwest Supplies
« Reply #8 on: September 04, 2013, 05:50:56 AM »
Sorry to hear that but processing credit cards is not a trivial thing.

There is such a thing that is called PCI compliance.

These are the rules that every credit processor have to comply with.
I think they are in a big trouble.
This is a terrible haiku.
Jimmy K

Delmarva United Homebrewers - President by inverse coup when the old president ousted himself.
AHA Member since 2006
BJCP: B0958

Offline tomsawyer

  • Senior Brewmaster
  • ******
  • Posts: 1681
    • View Profile
Re: Security Breach at Midwest Supplies
« Reply #9 on: September 04, 2013, 06:06:44 AM »
This is why I always keep all my credit cards completely maxed.  Just let some crook try and use on of mine and they will experience the same shame I experience every day when the clerk says "I'm sorry sir, it says declined."    :o
BRILLIANT!
Lennie
Hannibal, MO

Offline reverseapachemaster

  • Brewmaster
  • *****
  • Posts: 910
    • View Profile
    • Brain Sparging on Brewing
Re: Security Breach at Midwest Supplies
« Reply #10 on: September 04, 2013, 07:01:14 AM »
At least they are taking proactive steps to take ownership of the problem and put their customers on notice, unlike a certain other large HBS a few years back that denied responsibility for the problem to the bitter end. I had the pleasure of dealing with that situation after they promised the problem was fixed when it wasn't.

If you are one of the unfortunate people who were struck by fraudulent charges, you should offer to fax or email a scan of the letter from midwest to your CC provider to help verify your fraud allegations and help them track down the charges.
Heck yeah I blog about homebrewing: Brain Sparging on Brewing but I'm also a lawyer: The Kielich Law Firm

Offline AleForce

  • Cellarman
  • **
  • Posts: 78
    • View Profile
    • AleForce1
Re: Security Breach at Midwest Supplies
« Reply #11 on: September 04, 2013, 07:17:08 AM »
Now I know where the security problem occurred. The credit card co. Fraud protection saw a fishy charge to "payroll Services" for $1. Then there was another charge before it was frozen and I was contacted. Got the letter today.

me too. Luckily my bank caught on very quickly and called to confirm several fraudulent transactions.
Off We Go Into The Wild Brew Yonder!

Offline bluesman

  • Global Moderator
  • I must live here
  • *****
  • Posts: 8678
  • Delaware
    • View Profile
Re: Security Breach at Midwest Supplies
« Reply #12 on: September 04, 2013, 09:57:34 AM »
This is bothersome. I'm not too surprised though, as long as there is business there will also be fraud. Hopefully MW will get this under control and past them soon. Fortunately, I haven't purchased anything from them in the recent past. They have a very respectable business, and I'll be doing business with them again for sure.
Ron Price

Offline hopfenundmalz

  • Official Poobah of No Life.
  • *
  • Posts: 4535
  • Milford, MI
    • View Profile
Re: Security Breach at Midwest Supplies
« Reply #13 on: September 04, 2013, 10:30:48 AM »
This is bothersome. I'm not too surprised though, as long as there is business there will also be fraud. Hopefully MW will get this under control and past them soon. Fortunately, I haven't purchased anything from them in the recent past. They have a very respectable business, and I'll be doing business with them again for sure.
Midwest and Northern Brewer have the same parent company. One can wonder if the IT is separate,or consolidated? If no problems at NB, then one could deduce separate.
Jeff Rankert
Ann Arbor Brewers Guild, AHA Member, BJCP Certified
Home-brewing, not just a hobby, it is a lifestyle!

Offline Pawtucket Patriot

  • Senior Brewmaster
  • ******
  • Posts: 1354
  • Rebelling against cheap swill since 2005
    • View Profile
    • Bauhaus Brew Labs
Re: Security Breach at Midwest Supplies
« Reply #14 on: September 04, 2013, 10:54:53 AM »
This is bothersome. I'm not too surprised though, as long as there is business there will also be fraud. Hopefully MW will get this under control and past them soon. Fortunately, I haven't purchased anything from them in the recent past. They have a very respectable business, and I'll be doing business with them again for sure.
Midwest and Northern Brewer have the same parent company. One can wonder if the IT is separate,or consolidated? If no problems at NB, then one could deduce separate.

I live in Minneapolis and frequently buy supplies from both MW and NB.  In talking to some of the employees at both stores, it sounds like the only thing they really share is inventory.  And even their inventory sharing is not very extensive, apparently.
Matt Schwandt | Minneapolis, MN
AHA Member

Partial-Mash Pictorial
All-Grain Pictorial