This is why I use gift cards to shop online
I think being honest about it is the best we can do for now. It's a hassle for everyone involved. We filed a report with the state attorney general, police and FBI. I'm not too much happier about this than you are. I'd love to see a hanging..
hoog
I've read a few posts in this thread where Mad Vapes are given "props" for coming forward about the breach and informing their customer base. I just want everyone to know that when a breach like this happens there is a legal obligation to inform customers that personal information may have been compromised. So, yeah, props for following the law and potentially avoiding penalties (which they may face anyway if the website wasn't PCI compliant).
Now, the other companies and processors that may have been breached have a legal obligation to come forward. I'm guessing either they don't know they've been compromised (scary) or the companies are incorporated in Alabama, Kentucky, New Mexico or South Dakota. These states do not have security breach notification laws.
State Security Breach Notification Laws
Security Breach Notification Laws
Forty-six states, the District of Columbia, Guam, Puerto Rico and the Virgin Islands have enacted legislation requiring notification of security breaches involving personal information.
States with no security breach law: Alabama, Kentucky, New Mexico, and South Dakota. ... is wrong with those states?
I hate saying this, but I try to avoid doing online business with companies in those states because of this. However, the bigger issue I have with any online seller I buy from is not knowing the processing company they use and where they are located. It would be interesting to find out if a majority of the processors are located in Alabama, Kentucky, New Mexico or South Dakota.
Sorry guys for all the hassle, I'd be mad at us too as I'm mad at myself. Unfortunately on this one it had nothing to do with our cc processor. Someone broke into the backend of our website and was able to change settings which possibly allowed viewing of data after orders were placed. I'd like to think that most e-cig vendors have good cc processing but guess I'm not sure. For us, we go through a national bank and get the same rates online as our retail stores do for face to face sales through first data. Our cc processor is well known and not scammish at all.
hoog
Just a friendly reminder that I've not seen here.
If you have "accounts" with any of the vendors who were robbed of data, change your passwords immediately. If that user name and password is also used anywhere else (bad practice...) change those too.
From what I understand, the Vendor is only obligated to inform those who they have done business with, their customers, and only their customers. They may have only offered a public statement due to being outed by one of their customers whom they informed. But regardless they offered a statement, which is more than they needed to. So I give them props for being transparent, for being honest, and for admitting fault and for fixing their flaw.
Thank you for your honesty in the situation. However, this is simply one of those things in life that "sorry" can not undo or make right. I trusted you and now my short, intermediate, and long term financial security as well as my identity have all been compromised.
Ecig vendors cannot take paypal. Would be nice, but not an option.
Only in the US. There are a few vendors that ship to the US that are headquartered in other countries that have no problem accepting Paypal. I hate Paypal, myself. I really hate the fact that they somehow buckled and put a restriction on e-cig vendors ONLY in the US. Who paid them off?
I see your point and I think it's great that they're following the law in their state.
Now, I'm going to play the bad guy here (just go with me on this for a moment): Where is the public statement? Buried in a subforum ECF? There's no "conspicuous posting of the notice" on madvapes.com. Wouldn't that be a better place for a public statement? But, the law in their state doesn't call for that unless specific criteria are met. But, still, if they're going to be completely open & honest, wouldn't a conspicuous notice on the homepage be just a wee bit better than a post in a subforum on ECF? No?