Hobby Search Gives Away Customers Credit Card Numbers

One of our competitors in Japan (Hobby Search) sent this notice out to their customers recently, forcing thousands of people to cancel and have reissued their credit cards used to purchase Anime figures and merchandise directly from them in Japan:

Dear Hobby Search customer:

We are writing to let you know of a hacker or hackers that penetrated our computer system and accessed customer data including credit card information.

At the time of writing, we do not know of any of this information being available publicly. It is important to us that you, the customer, do not experience any monetary damages because of this incident, and have provided the information of all the cards that may have been involved in this incident to each of the credit card companies so that they may monitor the activity on these cards. If you have any concerns about the security of your card, please contact the card company (via the number on the back of your credit card).

Also, although we have switched to a more secure credit card transaction system that only stores the last four digits of your card on our databases on July 7, 2010, we have disabled credit card payments indefinitely.

The credit cards involved in this incident are those used in orders prior to July 7, 2010 (a maximum of 23,526 cards), and we are notifying those affected with this email.

The information that may have been accessed - Credit card numbers, expiration dates, cardholder names

We do not store personal verification passwords or security codes on our databases, so these have not been accessed. Again, we have switched to a more secure credit transaction system on July 7 that only stored the last four digits of those cards and cannot be abused by a third party. We are deeply sorry for any inconvenience or concern that this incident may have caused.


Toshiyuki Suzuki, my opposite number over at Hobby Search, cannot be pleased.

Now you all know it's a bit of a pain to re-enter your order data on our store site everytime you place an order with us - in fact, I write about it here on our FAQ - but when you do you can rest assured that because we don't maintain a public server that stores customer address and payment transaction data, the information that you give us can never be stolen or accessed by outside parties.

Anyone can tell you their public servers and/or payment platforms are secure, but are they really? How can they ever be sure? We'll, we're sure here, because we don't ever give hackers a chance.

0 comments:

Post a Comment