Ever order anything from getbmwparts.com (or other automotive web sites)?

[Terri Kennedy]

If so, bad guys may have your credit card number, even if you didn't tell the web site to save it.

I just got a (paper) letter from MileOne Automotive, which operates the getbmwparts.com and subarupartsdepot.com, stating that their web hosting contractor, trademotion.com, was hacked and information downloaded between March 5th, 2014 and May 17th, 2014, and that the information included name / address / email / phone / credit card.

MileOne is offering free 12-month credit monitoring by Experian to affected customers.

The only other TradeMotion customer to have posted a public notice is AutoNation.

However, TradeMotion provides some / all services for MANY other automotive web sites, such as GM Parts Direct. Just enter something like "trademotion honda" into Google to see how deep their tentacles run.

[equ]

Oh man, I did use getbmwparts/trademotion a bunch of times, but not sure if it was in that period.

[kognito]

should not effect me, but thanks for posting this Terry

[clyde]

Quote:

Originally Posted by Terry Kennedy

If so, bad guys may have your credit card number, even if you didn't tell the web site to save it.

I just got a (paper) letter from MileOne Automotive, which operates the getbmwparts.com and subarupartsdepot.com, stating that their web hosting contractor, trademotion.com, was hacked and information downloaded between March 5th, 2014 and May 17th, 2014, and that the information included name / address / email / phone / credit card.

Quote:

Originally Posted by equ

Oh man, I did use getbmwparts/trademotion a bunch of times, but not sure if it was in that period.

As I read Terry's post, I took it as the breach occurring during the 3/5-5/17 timeframe and put everyone that had used trademotion knowingly or not) at risk because they were saving everyone's credit card regardless of stated preference. So, if I had ordered something last year and told it to not save my credit card, I would still be at risk.

Then I read equ's post and was going to say, "that's not what he said," but I did a little googling for everyone and found AutoNation's letter to the Maryland AG abotu the breach.

Quote:

Originally Posted by Autonation

...[c]riminal hackers were able to unlawfully access certain credit card information as it was being entered into their systm during the period from March 5, 2014 to May 2, 2014.

Included in the letter are two examples of the form letters they sending to affected customers which doesn't quite say the exact same thing. The differences between the examples are the specific AutoNation stores.

Quote:

Originally Posted by AutoNation

...[c]riminal hackers were able to unlawfully access certain credit card information on TradeMotion systems.

Whether the breach only included CC#s as they were entered or if it included any stored CC#s seems like a major point that should be clear, but it's not as clear as it should be.

[ZBB]

As some of you know, I work with credit cards, although not indirectly.

I'm routinely alerted by our card vendor of specific cards that have been breached someplace. Sometimes its 2-3 cards, other times its thousands.

This problem is huge. We're using a card system developed in the 70s (with authorization networks updated in the 90s). Too many open areas to keep it secure.

Hopefully the US is finally on the path to moving towards chip an pin... When the UK implemented chip and pin in ~'06, they saw a 98%+ drop in fraud within 30 days. Since chip & pin cards work by forcing a 3-way match of the pin (stored on the card, stored on the authorization network, and provided but the cardholder), the only weak link becomes the cardholder. Any un-match causes the transaction to fail (I believe the user gets up to 3 tries before the card is locked...)