Welcome to the updated Slickdeals redesign beta. Learn more and give us feedback. Or, return to the classic view.

Search in
Forum Thread
WBShop.com Discounts, Deals and Coupon Codes

Security breach notification: Datapak Services Corporation, customer payment information compromised (3rd party e-commerce payment and order processor for possibly WBShop.com??)

luckygecko 1,108 October 5, 2013 at 01:06 PM in Finance (5) More WBShop.com Deals
Deal
Score
+16
28,338 Views
Buy Now

Thread Details

I am posting this as a heads-up, but I am sorry I don't have more details. [Mods: If this needs to be in the finance section, please move it, but I placed it here for more exposure.]


I received the attached letter from Datapak Services Corporation (via AllClear) who state the my customer information (credit card, address, etc) may have been compromised. I thought I would post this here since we all shop at a lot of the same sites.
[Update---see posts below for WBShop.com info]
I am not going to list all the sites that I have shopped at, but from my past posts you will find Rakuten, Newegg, Amazon, and others quite often. The letter does not state the client company's name.

I don't know about Newegg, I would suspect that Amazon does all of their processing in-house.


In my own speculation, Rakuten is at the top of my because the time frame seems to work out. See this thread:

http://slickdeals.net/f/6018544-rakuten-buy-com-customers-getting-fraudulent-credit-card-charges?v=1

Newegg was talked about here:http://slickdeals.net/f/6268674-newegg-account-compromised-beware-of-potential-security-breach?v=1


Datapak Services offered me one years' worth of credit monitoring from AllClear PRO. Again, they are keeping the ID of their client private. Since I can use different information at different sites, I am not sure what, if any, of my information was exposed.


[Personal information has been deleted from the letters.]

98 Comments

1 2 3 4 5

Sign up for a Slickdeals account to remove this ad.

#2
Just got the same letter, and I believe this breach may have been why my CC was charged back in late August to some British water company (luckily Chase's fraud department alerted me to it within minutes of the charge occurring)

I was able to drill down and determine the company I bought from that used Datapak for shipping/fulfillment/processing/whatever: WBShop.com. They had some sale back in early June on Harry Potter stuff so I grabbed some stuff for my sister (though they screwed up and only sent half of the order along with one item that I didn't order..)

If you ordered from WBShop.com as well, I'd suggest canceling any card you used with them and getting it reissued.

(note: I determined it was WBShop.com because their Returns/Exchanges address is the same as Datapak's)

I definitely feel Datapak owes us a list of companies we bought products through that ultimately were fulfilled by them. The interesting thing about Datapak's letter is that it doesn't say anything was encrypted even though they have to do so with CC information to be PCI-compliant. Hopefully that'll result in some actual punishment if they did not encrypt the data.

EDIT: If you want to try and track down a possible company you ordered from that used Datapak, they may use the following address for returns/exchanges/return to on UPS/etc. labels:

1000 Austin Court
Howell, MI 48843
Reply Helpful Comment? 0 0
#3
I just got this letter in the mail too, and recently someone charged my Visa three times online for a Starbucks reloadable card in the amount of $50 while I was at work. The only recent, new site I have used was BuyDig.com for that Toshiba Extreme Laptop bag. Otherwise, I only use my card online at major retailers, such as Amazon, Best Buy, Target, Wal-Mart, etc. I have purchased from WBShop.com before though, so thank you for that investigation you did, athornton. Might as well get that free service, since they are offering it free for a year.
Reply Helpful Comment? 0 0
#4
I just got the same letter in the mail. I also shopped at WBShop about 2 months back when that Fringe bluray set was on sale for $14.99. My credit card was also fraudulently used about 4 weeks back so this is definitely the culprit. The only thing I have used that CC for in the past 6 months was that purchase and when I logged in to try to determine how my CC was stolen I saw that WBShop had it saved on file. Damn it.
Reply Helpful Comment? 0 0
What's the freq. Kenneth?
1,108 Reputation
Original Poster
Pro
#5
Quote from athornton View Post :
I was able to drill down and determine the company I bought from that used Datapak for shipping/fulfillment/processing/whatever: WBShop.com. They had some sale back in early June on Harry Potter stuff so I grabbed some stuff for my sister (though they screwed up and only sent half of the order along with one item that I didn't order..)

I place an order for The Dark Knight Trilogy Limited-Edition Gift Set from WBShop.com back in July. I canceled the order the same morning via phone because I realized my brother already had two of the movies, and was not all the into Batman, thus my card was not charged.


Either way, I too have shopped there.Looks like I used "guest" checkout. I do not have an account there, although order tracking shows the last 4 of the card and the order being cancelled.
Reply Helpful Comment? 0 0
#6
Hmmm I'll have to have a look at my credit card again closely....I had fraud happen in May this year but it was through walmart's website....they purchased 11 online t-mobile cards .....I did purchase something through WBShop.com also though....now I'm not sure who the culprit is. Maybe we can narrow it down with enough replies here.

So is this AllClear Pro legit then? I wasn't sure if it was a scam letter or not. Is anyone going to do the monitoring for the year?.

Note: I purchased the Goonies/Gremlins BluRay back in July. However I also checked out as a guest and didn't set up an account with them.


Looking online I see this: "Over the years, Datapak has implemented solutions for a variety of trading partners including Wal-Mart; Target; Sephora; Sports Authority; Home Shopping Network (HSN); Costco; CVS; Bed, Bath and Beyond; Sky Mall and more."
Reply Helpful Comment? 0 0
#7
Got the same notice in the mail this morning. wbshop is definitely the culprit since I also ordered from them earlier this year when they had the hobbit 3d blu ray on sale. I went to the site and checked the payment section to see if my cc info was saved on the site and turns out it wasn't, so that's probably why I never had any fraudulent charges on my card.
Reply Helpful Comment? 0 0
What's the freq. Kenneth?
1,108 Reputation
Original Poster
Pro
#8
Quote from TheBigmac View Post :
Got the same notice in the mail this morning. wbshop is definitely the culprit since I also ordered from them earlier this year when they had the hobbit 3d blu ray on sale. I went to the site and checked the payment section to see if my cc info was saved on the site and turns out it wasn't, so that's probably why I never had any fraudulent charges on my card.

I did not set up an account, but like I said above I did look at my order status and it showed the last four of my card. I am not sure if they keep on file the whole number on file or if the their security breach would pluck the number as the orders are place.
Reply Helpful Comment? 0 0

Sign up for a Slickdeals account to remove this ad.

What's the freq. Kenneth?
1,108 Reputation
Original Poster
Pro
#9
Quote from astcgirl View Post :

So is this AllClear Pro legit then? I wasn't sure if it was a scam letter or not. Is anyone going to do the monitoring for the year?.

I too had this fear, but as best as I can tell they are a real company. I was looking at the Maryland Attorney General's security breaches page [md.us] an saw notices sent to people from various companies that had used AllClear (Debix) in relation to their security breach. [I could tell by the return address listed and the offer for AllClear service.]
I am not sure how effective they are at what they do, but if you sign up with them then you are covered under their master insurance loss policy, albeit with a lot of exclusions.
When Sony had their massive breach [wikipedia.org] in security in 2011 they used this service.


Other info: [I am sure there are people on the forums with much better info than me, so maybe they will speak up.]


If you think your MasterCard might be compromised and for some reason you do not request a replacement or need to delay your replacement, you can add "SecureCode" to the card to force an extra pin in online purchases. I am guessing if an online merchant does not support this then you will not be able to check out. Link: http://www.mastercard.us/securecode.html
Of course this does not protect if your physical card is cloned with your stolen information and used in a store. (The magnetic tape on the back of a card is 60 years old technology.)


If you have a Visa card and use Visa's online wallet [wikipedia.org] V.me service, I think that you can receive alerts for any transactions with Visa cards stored in your V.me account. (Even if the purchase was outside of V.me) [You can store other cards, but they give global alerts on Visa cards.]


Mastercard also has a online "wallet" system called MasterPass, but I don't think they offer global alerts for your Mastercards stored. They only offer alerts for MasterPass purchases.



Card issuers are very good at replacing your card at no cost if you think it has been compromised.
Reply Helpful Comment? 0 0
What's the freq. Kenneth?
1,108 Reputation
Original Poster
Pro
#10
I received a phone call from what is a fake number: 125363827 and no other info. It was an automated voice stating "we regret to inform you that your [brand name] debit card is locked." "Please press one to unlock." I thought I would play along, thus I press one. The message repeated, and I pressed one again and the next prompt stated, "please enter your 16 digit card number to unlock." Of course that was enough for me to hear.


The thieves who compromised Datapak Services's systems know that the goose is up. Thus, this is the time to be extra careful with your information. For example, the thieves have your phone number and know you are worried about your cards, charges, and identity. So, a fake alert to you could be used to gather even more of your data.


For those of you reading the thread and have signed up for AllClear, please note that if a call is from AllClear, it will speak your security phrase in your own voice. [The one you recorded when you set up your account. ]


Always ask to call a company back at their published number. If they called you they should already have your information and not ask for it over the phone. If they need to verify information, tell them you will call them back and give it to them.
Reply Helpful Comment? 0 0
#11
I used amex for fringe in june. A fraud attempt hit that card #. A large $$ attempt from brazil...to purchase airline tixs. Immediately, amex blocked the charge and alerted me vis text at 3am. The text asked me to call in to verify my account/purchase and to reopen the blocked account.

I did not write any thing down for all clear once, i saw the SS# and personal info questions. I trashed it. I just placed a lower spend threshold on my cards and added purchase alerts for anything attempted over that amount.

Besides, i put down a fake number for orders. Or, a ph # to my emergency, 60min, phone that is stored in my car or an old disconnected number. I dont think i give my direct number to the credit cards when they ask me, either. its always the disconnected number from 20 years ago. Unless, they record my number from an inquiring call, on my part, im good.
Reply Helpful Comment? 0 0
What's the freq. Kenneth?
1,108 Reputation
Original Poster
Pro
#12
Quote from ballershanelle View Post :
I used amex for fringe in june. A fraud attempt hit that card #. A large $$ attempt from brazil...to purchase airline tixs. Immediately, amex blocked the charge and alerted me vis text at 3am. The text asked me to call in to verify my account/purchase and to reopen the blocked account.

I did not write any thing down for all clear once, i saw the SS# and personal info questions. I trashed it. I just placed a lower spend threshold on my cards and added purchase alerts for anything attempted over that amount.

Out of an abundance of caution I place a 90-day Fraud alert with Equifax via their online form :
https: //www. alerts. equifax. com/ [I split it up to force typing in the link manually, which is safer]


Equifax is supposed to report it to Experian and TransUnion.
I have no plans to open a new account in the 90 days, but it just means that creditors are supposed to take extra steps to verify you if they open an account. (If they follow the fraud alert notice.)
Reply Helpful Comment? 0 0
#13
This stuff just doesn't stop does it? I guess it's factored into the amount of online activity we do any way. That's why years ago I stopped using my debit card altogether. Switched to Amex and they have been good at catching things. I also recently got an attempt to purchase airline tickets. Prior to the airline ticket there was an authorization from some podiatry place. Amex picked it up as being odd and stopped the card. There really isn't enough info at WB to open up accounts but I guess extra protection doesn't hurt. I use my GV number for purchases and I did get a recent call that just had a beeping tone and no one spoke. I'm glad cc companies have gotten their act together at recognizing purchasing patterns. It's better than these credit monitoring services.

Oh yeah, and I just got the letter today. Thanks OP for helping pinpoint the culprit.
Reply Helpful Comment? 0 0
#14
Got the letter also shopped at WB had about $10,000 fraud on the AX fake airline tickets etc back in July.

This letter mailed and this slickdeals post clears it up finally
Reply Helpful Comment? 0 0
#15
We need to get this reported on a MAJOR LEVEL TO PEOPLE OR ATTORNEY GENERALS. How about RIPOFF report or consumerist blog about WB.com or any website dealings, in general. Any options to sound an outcry?

Just called after logging into the site to eliminate or alt. Profile or basically, remove my info in profile, address and email and replace it w different info. I will check out as guest or call in my orders if need, is my hope. The only issue is my history contains all of the exact info that i just changed. I can't change the history. So, i call the wb number looking for tech or online support.

Guess what? THERE IS NO tech support or anyway to get help w online issue like account closing.

As a matter of fact, i told the CS that its possible that a security breach has happened and people on the net are slowly asking questions and possibly narrowing down potental data breach points. Wb.com could be one of the points of data compromise. The CS rep was a snot. Claimed, he had not heard of nothing. No way and if so, there is no tech support for the website. No number to call or anything. I said, "that's a lie. No way can a site operate and not have an operation to fix problems or help those who use the site and had an issue." Again, he went on to say, "he has not order on the site in a long time as a customer. He just places orders directly w the warehouse and customer via phone. He can see customer history but can't see account info. I said, if you don't use the online site then u would not know about a breach if it had happened. You didn't get a cc fraud attempt! So, why say, it didn't happen or no way can it happen just because u would have heard! My issues is..i want info on how to remove the history address, full name, fake phone number main email or a way to close the account.

Matt the CS rep said, "there's no one to help w any of that. Is there anything else, he can help me with?" I said, wb just lost a customer if my data can't be removed and maybe open for a possible lawsuit. I will be alerting people, even the attorney general, and beyond.

This smell like a no disclosure potential by warner brothers, if it ever, had or will deal with a data breach. I feel the avg customer will not get info
Reply Helpful Comment? 0 0
Page 1 of 7
1 2 3 4 5
Join the Conversation
Add a Comment
 
Slickdeals Price Tracker
Saving money just got easier.
Start Tracking Today
Copyright 1999 - 2015. Slickdeals, LLC. All Rights Reserved. Copyright / DMCA Notice  •  Privacy Policy  •  Terms of Service  •  Acceptable Use Policy (Rules)