I got a call from my credit card company yesterday. Two different entities posted $0 transactions to my account on Tuesday. Then this morning I get this in the mail from Kimber. Sure enough, I used that card to buy some spare parts from Kimber in that time period.
Who the fuck stores CC in their system these days? And how can Kimber or their third party claim to be PCI compliant (capable of accepting card-not-present payments) when they store the CVE? Who is the CISO at Kimber and who is their "third party" hosting service? Who coded this shit and who runs that company?
Note this: "The privacy and security of information is of the utmost importance to us and we sincerely regret any concern this incident may cause you."
No, it's not. You did not know what you were doing and screwed up.
We are writing to notify you of an incident that may affect the privacy of certain information recently provided to us, and to provide you with information about the incident, our response, and resources we are making available to you.
On November 7, 2023, Kimber learned an unknown party accessed a software tool used to administer the Kimber online store, which is managed by a third-party. Kimber immediately conducted an investigation and determined the tool was potentially used to gain unauthorized access to certain Kimber customer order information between October 23, 2023, and November 7, 2023. Kimber determined the order information potentially accessed without authorization included your name and the credit card number, expiration date, and CVV code you provided to make a purchase on the Kimber online store between October 23, 2023, and November 7, 2023. Please note we have no reason to believe there was any unauthorized access to information about the specific product(s) you purchased.
In response to this incident, we have implemented additional security features on our website and are reviewing our policies and procedures related to data protection. We have also notified law enforcement.
While we have no evidence that any information has been misused, in an abundance of caution, we are offering you access to credit monitoring services at no charge. These services provide you with alerts for 12 months from the date of enrollment when changes occur to your credit file. This notification is sent to you the same day that the change or update takes place with the bureau. Finally, we are providing you with proactive fraud assistance to help with any questions that you might have or in the event that you become a victim of fraud. These services will be provided by Cyberscout through Identity Force, a TransUnion company specializing in fraud assistance and remediation services.
We encourage you to monitor your credit card statements for suspicious activity and to report any unauthorized transactions to your financial institution immediately. Additionally, we encourage you to enroll in the complimentary credit monitoring and identity protection services we are making available to you. Information about how to enroll in these services, along with additional resources available to you, are below.
Representatives will be available starting on December 1, 2023, and for 90 days thereafter, to assist you with questions regarding this incident between the hours of 8:00 a.m. to 8:00 p.m. Eastern time, Monday through Friday, excluding holidays. Please call the help line at 1-833-990-4044 and supply the fraud specialist with your unique code listed below, or write to us at 200 Industrial Park Blvd, Troy, AL 36081.
The privacy and security of information is of the utmost importance to us and we sincerely regret any concern this incident may cause you.
Sincerely, Kimber