Credit card numbers stolen from Chain Reaction Cycles

You reckon a purchase about 2 years ago would be safe? Do they keep card details on file?

From the link in the OP...

Purchases at CRC between March 4 to 12 seem to be those most closely associated with subsequent fraud

Whoever took the credit card details must sure like making international calls with his O2 Mobile, I mean damn look at all those top ups!

I think they use it as an innocuous test before moving onto something a bit more substantial.

just checked with my bank and its been debited with a fraudulent 02 top up,cards been canceled and theyre sending out a new card.WTF didnt chain reaction cycles send an email out to its customers warning of this fraud.i ordered from them on the 27th feb and the fraud was on the 4th march

Er - bollocks.
I am protected, that's why the money was instantly refunded.

Do you have a VISA or Mastercard? I just had a look and they offer the same protection on debit as credit cards. Other institutions might not.

Do they also refund any charges incurred from missed direct debits that occur while your money is missing? When your mortgage payment is missed because your account is empty do they speak to your lender about it? If there is not a wide-spread, clear case of fraud are they so quick to refund all your money?

I'll say it again.. do not use debit cards for online transactions. If you can't get a credit card, get a prepaid card.

I found 3 fraudulent transactions today, payments made Friday, to a Royal Bank Scotland credit card totaling £2,500. My last purchase from CRC was 26th Feb, so could be linked.

I am now going through the process of new card etc.

There's no way this isn't an inside job.

I found 3 fraudulent transactions today, payments made Friday, to a Royal Bank Scotland credit card totaling £2,500. My last purchase from CRC was 26th Feb, so could be linked.

I am now going through the process of new card etc.

Fuck me!

I got £30 for O2 prepay removed and I was annoyed.

Think of all the people who don't frequent forums who wouldn't have heard of this yet...

They finally said something on their facebook page.

What do we know?
We know that some of our customers have experienced credit card fraud after placing an order with CRC.

When did we find out?
Senior staff in CRC were alerted to forum comments on Sunday 6th of March. We immediately began our investigations enabling [us] to release information via community forums on Wednesday the 9th, acknowledging that we were actively investigating the situation.

How big is the problem?
So far, we have been contacted by customers who purchased in February and the beginning of March. The contacts we have had both directly and via forums equates to under 0.1% of on-line orders placed In that same time period. However, we understand that for those effected this is of great concern and as we take our customer’s security extremely seriously we are taking all the steps we can to understand what has happened.

What steps have we taken?
CRC has employed one of the UK’s leading internet security companies to carry out immediate and full forensic investigation into CRCs infrastructure. This investigation has so far uncovered no evidence of any breach. We are also fully engaged with our card processing companies and the card schemes. This investigation is still underway.

Card Re-issues
Purely as a precaution, Card Issuers may make the decision to reissue new cards to recent CRC customers. If your card is reissued it does not mean that your details have been compromised but the banks take an ultra cautious view on this as the cost of re-issuing a card is much smaller than resolving any potential issue in the future.

When will CRC have more information?
We are working round the clock to get an understanding of what has happened; as we get greater understanding we will continue to keep you up to date and intend to issue a further updates over the next week or so.

Can you order safely?
So far the investigation has uncovered no evidence of any breach but if you want to order on CRC without CRC being in contact with your credit card details then choose Pay by PayPal and checkout using your credit card via the PayPal express checkout.

Please contact us directly
We want people who have been directly affected to contact us so we can personally update you by email. Please contact us on +44 (0)2893343758 between 9am – 5.30pm or email enquiries@chainreactioncycles.com and we will be glad to help you.

Thanks again for your patience and support

Michael Cowan
CRC Senior Management

WTF didnt they email all their customers as soon as they knew about this,CRC prefer damage limitation to looking after their customers hard earned cash.

There's no way this isn't an inside job.

Coincidentally, I've just started reading a book about cyber-crime and credit card fraud *.

It's perfectly possible that someone has hacked their servers and stolen the credit card numbers (that they probably shouldn't be storing)

• http://www.amazon.co.uk/Kingpin-Hacker-Billion-Dollar-Cybercrime-Underground/dp/030758868 - fascinating read. especially if you're in the sci/tech/web industries.
  

When did we find out?
Senior staff in CRC were alerted to forum comments on Sunday 6th of March.
Pretty idiotic.

The credit card information should never have been stored in an unencrypted fashion.

Best if it was never stored at all, really.

They've not done well on this one, I am disapoint.

ordered something last week and was kept safe by paypal. will keep an eye on my statements just in case tho

will make me think twice next time im using crc

They finally said something on their facebook page.

I got an e-mail today from play.com announcing a security breach. Why didn't CRC do something similar on 6th March - better still e-mail the quoted statement out to all account holders, wouldn't have been too difficult would it?

My credit card was blocked and i presumed it was because of this. turns out i got pissed and tried to use it somewhere and entered the wrong pin 3 times so they blocked the card...fail

Do you have a VISA or Mastercard? I just had a look and they offer the same protection on debit as credit cards. Other institutions might not.

Do they also refund any charges incurred from missed direct debits that occur while your money is missing? When your mortgage payment is missed because your account is empty do they speak to your lender about it? If there is not a wide-spread, clear case of fraud are they so quick to refund all your money?

I'll say it again.. do not use debit cards for online transactions. If you can't get a credit card, get a prepaid card.

I pay my bills out of a different current account, to which I transfer more than enough money to cover from my visa debit account on the day I get paid... hence that wouldn't affect me.

There are various reasons I don't want a credit card, mainly that I tend to overuse credit. I'm bad enough with my overdraft & don't want another tempting debt option

I only use PayPal for all internet transactions, wiggle, CRC, ribble, ebay. no problems yet, but PayPal do seem to know everything about me, down to the inside leg measurement of our pet frog, should i be concerned?.. lol.

probably, cause someday they will be hit too...

But then again, spreading your love increases the chances of infection

I pay my bills out of a different current account, to which I transfer more than enough money to cover from my visa debit account on the day I get paid... hence that wouldn't affect me.
There are various reasons I don't want a credit card, mainly that I tend to overuse credit. I'm bad enough with my overdraft & don't want another tempting debt option

I guess that's fair enough, but at least it's you spending money you don't have rather than someone else :)

Just got a call from HSBC fraud protection, cloned card used on the apple website last night, im assuming from CRC as my last transaction falls conveniently in the timeframe. fucks sake this is my second cancelled card in 2 months! grrrrrrrrrrrrrr.

still no word from crc to any of you?

still no word from crc to any of you?

I got a phonecall from them basically saying they still haven't found a breach and are investigating the situation. This was after I had emailed them though, so I'm not sure whether they've rung every customer who ordered in the danger period.

I had a phone call on Friday I think it was from a lady at CRC. Nothing useful, just saying they're aware of the issue and they're sorry for the inconvenience etc. Reassurance and the like.

I've Literally just received this from CRC as well:

Hi,

Following your recent contact with us and concerns about having experienced credit card fraud, we are pleased to be able to give you further feedback.

The independent forensic investigation has shown that our infrastructure was the target of a sophisticated attack which resulted in the theft of card details relating to a number of our customers. Details were being stolen ‘real time’ and only a small proportion of recent CRC customers were affected.

The access point of the theft has been identified and permanently closed off so we are confident that we have fully addressed any weakness in our infrastructure.

We are sincerely sorry for what has happened in recent weeks and would like to thank you for your patience and support throughout this difficult period.

We would like to offer you, by way of an apology, a £30 on-line voucher for use when you next come back to shop with us....

Our site is safe to use and will be continually monitored and tested by independent on-line security experts to ensure your details are safe.

Thanks again for your patience and support,

Michael Cowan
CRC Senior Management

I hope anyone else affected has emailed them regarding this.

If I use them again, I'll be using Paypal.

I got a phonecall from them basically saying they still haven't found a breach and are investigating the situation. This was after I had emailed them though, so I'm not sure whether they've rung every customer who ordered in the danger period.

They haven't rung me, but I haven't contacted them about being affected, shall do so now.