From: security curmudgeon (jerichoattrition.org)
Date: Thu Nov 19 2009 - 13:30:43 CST

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

https://www.tadgear.com/content.php?id=38

This notice is to inform our customers of a security incident at TAD Gear.
We recently learned that our database was illegally accessed from an
external source, and it appears that some customer data were taken, which
may include customer names, contact information and credit card data.
The possibility of a security breach came to our attention when certain
customers notified us that unauthorized charges had appeared on their
credit cards. Upon learning of the potential breach of security, TAD Gear
immediately initiated an investigation, and took corrective steps based on
the advice of an internet security firm. We have also contacted law
enforcement.

      If you purchased merchandise from TAD Gear on-line between August 6,
2009 and November 16, 2009, and the credit card used to purchase that
merchandise is still valid, in order to protect yourself from the
possibility of identity theft or misuse of your credit card information,
we recommend that you immediately contact the issuer of that credit card
and close your account. Tell them that your account may have been
compromised. If you want to open a new account, ask your credit card
issuer to give you a PIN or password, as this will help control access to
the account.

      In addition, we recommend that you place a fraud alert on your credit
files. A fraud alert lets creditors know to contact you before opening
new accounts. Just call any one of the three credit reporting agencies at
a number below. This will let you automatically place fraud alerts with
all of the agencies. You will then receive letters from all of them, with
instructions on how to get a free copy of your credit report from each.

Experian
888-397-3742 Equifax
866-640-2273 TransUnion
877-701-5276
www.experian.com www.equifax.com www.transunion.com

      When you receive your credit reports, look them over carefully.
Look for accounts you did not open. Look for inquiries from creditors
that you did not initiate. And look for personal information, such as
your home address and Social Security number, which is not accurate. If
you see anything you do not understand, call the credit reporting agency
at the telephone number on the report.

       If you do find suspicious activity on your credit reports, call your
local police or sheriffs office and file a police report of identity
theft. Get a copy of the police report. You may need to give copies of
the police report to creditors to clear up your records. Even if you do
not find any signs of fraud on your reports, we recommend that you check
your credit report every three months for the next year. Just call one of
the numbers above to order your reports and keep the fraud alert in place.

       For more information on identity theft, we suggest that you visit
the web site of the California Office of Privacy Protection at
www.privacy.ca.gov, or the Federal Trade Commission at
www.ftc.gov/bcp/edu/microsites/idtheft. If there is anything TAD Gear can
do to assist you, please email us at actiontadgear.com, a special email
address that we have set up to help answer your questions.

       On a going-forward basis, in order to help assure the security of
your information, all users will be required to recreate their usernames
and change passwords upon logging onto our newly redesigned, TAD Gear
website. Please note that the password change process is only initiated
when you come to the TAD Gear website and as a result an email is sent to
you. Do not respond to any other unsolicited emails regarding password
changes from TAD Gear. TAD Gear will not contact you by email regarding a
password change unless you initiate such a change on the TAD Gear website
in accordance with the instructions above.

       We are sorry for any inconvenience that this might have caused you.
We take the protection of our customers' personal information very
seriously. TAD Gear is making additional, significant investments in
enhancing the safety and security features on our website so that you may
feel confident using it. While no company can completely prevent
unauthorized access to data, we are committed to ensuring that our data is
protected by the highest levels of security.

If you have any questions or need further information regarding this
incident, please do not hesitate to contact us.
_______________________________________________
Dataloss Mailing List (datalossdatalossdb.org)
Archived at http://seclists.org/dataloss/

Get business, compliance, IT and security staff on the same page with
CREDANT Technologies: The Shortcut Guide to Understanding Data Protection
from Four Critical Perspectives. The eBook begins with considerations
important to executives and business leaders.
http://www.credant.com/campaigns/ebook-chpt-one-web.php

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]