Jump to content

credit cards on Hannants compromised


Recommended Posts

It turns out my Visa card has been charged a small amount of money too - $2.12 to be more specific. Luckily the Danish credit card service caught it and blocked my card. I have also ordered from Hannants several times recently.

Last year the same happened to me, except it was €1,000 then. I was (and still am) uncertain where the details had been hacked, but I had ordered from Hannants too back then.

While I think (and hope) that PayPal is safer than Hannants, any company storing your credit card details could be the source. Companies like Relish Models and Lucky Model do not store your details, and you have to enter them every time. With Lucky Model you even have to enter the Verified by Visa code, so I consider that to be quite safe.

Jens

Link to post
Share on other sites
what are the chances of your card details being out, i placed an order around the 3rd of october, and i checked today and nothing has come through on my bill, just wondering if anyone who has used hannants is porked, or just some very unlucky people.

It is huge number of credit cards, they just might not come to your record yet. Try to check also blocked transfers as in my case I didn't see it in regular transfers. Anyway, I strongly recommend to block the card or at least decrease the limit to minimum.

Link to post
Share on other sites
Jan, Britmodeller got that statement because the owner contacted Hannant's to find out what was going on. Nothing to do with only telling the Brits I would suggest.

peebeep

cite from britmodeller: "I've been in touch with David Hannant this morning, and he asked me to post the following on his behalf:"

you might be right, but to certain extent - why hannants do not send email to all of their customers? It's obvious there is a problem, credit cards of their customers are compromised and still charged. It doesn't matter if the problem is in Hannants, bank, or anything else. The credit cards are still charged, why there is no warning from Hannants? They might send warning to banks to block cards, but still...

Edited by Jan Jezl
Link to post
Share on other sites

" why hannants do not send email to all of their customers? "

because they are probably waaayy too busy to send an email to everyone and they know that sending a msg through a site like britmodeller is the fastest way to get word out.

blaming hannants for the security breach is pretty silly. i am 100% sure if they knew something was not secure they would have been on it right away. however i am also 100% sure that the hannants website is the SOURCE of all this commotion. is hannants to blame NO!!!!!was thier site and or thier ordering system comprimised and all of our cc info stolen from there YES! it is the common link.

Link to post
Share on other sites
why hannants do not send email to all of their customers? It's obvious there is a problem, credit cards of their customers are compromised and still charged.

I agree they should make some sort of general announcement, but I would guess there is a huge flap going on at Lowestoft and that they are still trying to find out what's happened. The website is still down so no business is being transacted. It does say in the statement that they will e-mail customers as soon as they know more, but in the mean time I can understand if people are feeling somewhat angry and frustrated with the lack of information.

peebeep

Link to post
Share on other sites
I agree they should make some sort of general announcement, but I would guess there is a huge flap going on at Lowestoft and that they are still trying to find out what's happened. The website is still down so no business is being transacted. It does say in the statement that they will e-mail customers as soon as they know more, but in the mean time I can understand if people are feeling somewhat angry and frustrated with the lack of information.

peebeep

I'm not frustrated that I don't have enough information, that's not important. Important is to warn all people who might get compromised of this threat. The reason I put great effort into investigation and convincing Hannants to start their investigation was to warn people and save as much money as possible from being stolen. And that was exactly why I opened this thread here - to warn you and save your money, guys. Some of you already wrote, that it saved their money (thanks God). Why hannants do not write simple email or at least statement on their website? This would save much more than a thread on any forum...

Link to post
Share on other sites
"was thier site and or thier ordering system compromised and all of our cc info stolen from there YES! it is the common link.

You are claiming more than we know. From what has been said it was NOT their site nor their ordering system that was compromised, but the hacking was into the bank links. It may well be that Hannants customers are only a subset of those affected.

Link to post
Share on other sites
" why hannants do not send email to all of their customers? "

because they are probably waaayy too busy to send an email to everyone and they know that sending a msg through a site like britmodeller is the fastest way to get word out.

blaming hannants for the security breach is pretty silly. i am 100% sure if they knew something was not secure they would have been on it right away. however i am also 100% sure that the hannants website is the SOURCE of all this commotion. is hannants to blame NO!!!!!was thier site and or thier ordering system comprimised and all of our cc info stolen from there YES! it is the common link.

I get an email from them once a week with their new release items. If they have time to send out the new items every week to their mailing list, they could easily send out an email to the same list about what's going on.

Link to post
Share on other sites
I don't understand this paranoia over Paypal. I've been using it for years, hundreds and hundreds of transactions, not a single problem with fraud or theft. I think the fee is a little high but still prefer PP over CC.
Same here only I've done thousands of transactions without a single problem.

Also consider that Ebay does millions of transactions.

This incident highlights one of the main reasons that I only accept Paypal for my business. They can deal with the security issues so I don't have to worry.

:rolleyes:

Link to post
Share on other sites
Good point, changed. Not being a native speaker - if you have better (shorter) suggestion, let me know :-)

maybe Clearing bank compromised, hannants customers affected

all the best jamie

EDIT: Clearing bank compromised, some hannants customers affected

Edited by sweaty
Link to post
Share on other sites

Thanks for the heads-up! :rolleyes: Was able to delete my CC data from my Hannants account yesterday.

Don't know whether it has anything to do with the problems at hand, but I was never comfortable with having to store my CC data with them. Not because I don't trust Hannants (since I do business with them, obviously I do trust them), but because of storing the data somewhere else.

Some other questions:

Were only certain kinds of cards affected? Say, only Visa or only Master Cards? Would that even be possible?

What should one do now? Contact one's bank and have them do what exactly?

How about changing the topic tilte, seems a bit unfair if its not hannants fault

What would you change it to? :rolleyes: Hannants may not be at fault, but apparently all this has somehow to do with them. Insofar, it's only consequent to post it in the title. Actually, the thread title only says that something happened to Hannants, not that it was their fault.

Link to post
Share on other sites
maybe Clearing bank compromised, Hannant's customers affected

Apparently that is the case and it isn't just Hannant's customers that are affected.

Moritz, I've had feedback from somebody who had cash transferred out of a current account via their direct debit card details.

peebeep

Edited by peebeep
Link to post
Share on other sites
Apparently that is the case and it isn't just Hannant's customers that are affected.

Moritz, I've had feedback from somebody who had cash transferred out of a current account via their direct debit card details.

peebeep

true i changed it to some, ive got 3 cards regestered on there, 1 credit 1 debit and a old debit card, not to worried as i canceled the debit card for another reason a couple of weeks ago, so its just the credit card which has now been canceled even though no one tryed to take anything from it.

Will still use them though, as i honestly don't believe its their fault.

all the best jamie

Edited by sweaty
Link to post
Share on other sites
Apparently that is the case and it isn't just Hannant's customers that are affected.

peebeep

We have indirect information from Hannants, that it was clearing bank. Nothing else. The only verified information is that a lot of credit/debit cards used on Hannants were compromised.

BTW, I have also debit card. Visa Electron

Edited by Jan Jezl
Link to post
Share on other sites
We have indirect information from Hannants, that it was clearing bank. Nothing else.

That is why I used the word apparently and my source is not Hannant's. There's lots of speculation and few facts.

peebeep

Link to post
Share on other sites
Apparently that is the case and it isn't just Hannant's customers that are affected.

Do we know of any non-Hannants customers who were affected?

Thanks for the heads-up! :cheers: Was able to delete my CC data from my Hannants account yesterday.

What should one do now? Contact one's bank and have them do what exactly?

IF Hannants database itself was in fact hacked, they probably already downloaded all the CC info present so clearing your data from Hannants website will only protect you from future crooks.

I would suggest calling your bank, telling them what has happened and see what they say.

If they try to sell you an extra security policy for only x amount per month tell them to pound sand, cancel the card and find a new bank.

Link to post
Share on other sites

E-mail just received from Hannants :-

Dear Customer

We are very sorry to have to tell you that a number of customers who have used our website have had their card details stolen and used by criminals.

ALL CUSTOMERS THAT HAVE ENTERED CARD NUMBERS ON OUR NEW WEBSITE PLEASE CHECK YOUR ACCOUNTS FOR SUSPICIOUS CHARGES OR ATTEMPTED CHARGES.

If you see any please contact your company that issued your card.

At the moment no one is sure how this has happened. There are several internet security firms investigating everything and we will keep you all updated as soon as we can.

There is no sign of any intrusion into the server where the card number and expiry date information that we keep is encrypted*. The CVV number is not stored.

After looking at the information we have received we think this mainly affects some customers who have sent us an order in the last 2 weeks though there are 3 from September.

We have been contacted by about 40 customers so far but are not sure how many others have had their cards compromised but have not told us yet. If you know your card has been compromised PLEASE tell us. Please send us as much information as you can as soon as you can. We need as much information as soon as possible.

Please look out for small 'insignificant' test charges of under $5.00 followed by larger charges of varying amounts. Charges have originated from different countries and in different currencies.

Until we have found out what has caused this problem and it has been fixed we have closed the website. None of the experts can find any problems with it but until the problem is resolved we prefer not to take any risks.

We have deleted ALL card numbers from the website database. We are aware that a few of you wanted access so you could delete your details but we have done this for everyone.

Paypal. We have been asked why we do not accept it. There are 2 reasons. Firstly when we started work on the new website 4 (four) years ago we could not get it to work with the fully stock controlled warehouse that we wanted to run. We did some trials but it took too long for payments arrive in our bank account which would seriously have delayed the despatch of orders. Things have now improved. Secondly it was too expensive. 3 times the cost of handling Visa and Mastercard. All our payments are now handled by Sage pay, a large British firm. Recently they have started working with Paypal and our website designers had been doing some work to incorporate it into the website. We are going to speed up the work on this and try to get it incorporated quicker.

We will re-open the website as soon as we can but will not be rushing into it.

Thank you for your help and understanding.

ALL CUSTOMERS THAT HAVE ENTERED CARD NUMBERS ON OUR NEW WEBSITE PLEASE CHECK YOUR ACCOUNTS FOR SUSPICIOUS CHARGES OR ATTEMPTED CHARGES.

If you see any please contact your company that issued your card.

* This data is stored so that customers do not have to enter it each time they order and so that we can run a back order service.

Ian

Link to post
Share on other sites

Just got this from hannants;

Dear Customer

We are very sorry to have to tell you that a number of customers who have used our website have had their card details stolen and used by criminals.

ALL CUSTOMERS THAT HAVE ENTERED CARD NUMBERS ON OUR NEW WEBSITE PLEASE CHECK YOUR ACCOUNTS FOR SUSPICIOUS CHARGES OR ATTEMPTED CHARGES.

If you see any please contact your company that issued your card.

At the moment no one is sure how this has happened. There are several internet security firms investigating everything and we will keep you all updated as soon as we can.

There is no sign of any intrusion into the server where the card number and expiry date information that we keep is encrypted*. The CVV number is not stored.

After looking at the information we have received we think this mainly affects some customers who have sent us an order in the last 2 weeks though there are 3 from September.

We have been contacted by about 40 customers so far but are not sure how many others have had their cards compromised but have not told us yet. If you know your card has been compromised PLEASE tell us. Please send us as much information as you can as soon as you can. We need as much information as soon as possible.

Please look out for small 'insignificant' test charges of under $5.00 followed by larger charges of varying amounts. Charges have originated from different countries and in different currencies.

Until we have found out what has caused this problem and it has been fixed we have closed the website. None of the experts can find any problems with it but until the problem is resolved we prefer not to take any risks.

We have deleted ALL card numbers from the website database. We are aware that a few of you wanted access so you could delete your details but we have done this for everyone.

Paypal. We have been asked why we do not accept it. There are 2 reasons. Firstly when we started work on the new website 4 (four) years ago we could not get it to work with the fully stock controlled warehouse that we wanted to run. We did some trials but it took too long for payments arrive in our bank account which would seriously have delayed the despatch of orders. Things have now improved. Secondly it was too expensive. 3 times the cost of handling Visa and Mastercard. All our payments are now handled by Sage pay, a large British firm. Recently they have started working with Paypal and our website designers had been doing some work to incorporate it into the website. We are going to speed up the work on this and try to get it incorporated quicker.

We will re-open the website as soon as we can but will not be rushing into it.

Thank you for your help and understanding.

ALL CUSTOMERS THAT HAVE ENTERED CARD NUMBERS ON OUR NEW WEBSITE PLEASE CHECK YOUR ACCOUNTS FOR SUSPICIOUS CHARGES OR ATTEMPTED CHARGES.

If you see any please contact your company that issued your card.

* This data is stored so that customers do not have to enter it each time they order and so that we can run a back order service.

Link to post
Share on other sites

Guys,

This really sucks, I've ordered from Hannants in the past and never had problems. I did however check with my CC company (Mastercard) and nothing suspicious.

I can only jope that those responsible for this are tracked down and fed to the sharks...

Holmes get to work...

Harald

dayum... 2300 posts here.....

Edited by PhantomPhreakII
Link to post
Share on other sites
Guest
This topic is now closed to further replies.
×
×
  • Create New...