Reports are surfacing of a possible data breach at the magazine clearing house GunMag Warehouse. Reddit Users who purchased the 6 pack of Hexmags deal are reporting that they were receiving calls from their credit card fraud departments as well as seeing transactions anywhere from 28 cents all the way up to the thousands of dollars. With data breaches becoming more commonplace the theft of payment data wouldn’t be a stretch given the recent data breach at AIM as well as a multitude of brick and mortar retailers.
One of the users on Reddit stated that he used his debit card to place the order, then while out to dinner with his significant other learned that his account had been cleared out when his card was declined. Another user reports that he had 2 separate large dollar purchases declined by the fraud department. Since he canceled the card the payment information that he included with a Form 1 will not longer be accurate and is concerned that he might need to resubmit.
TFB reached out to GunsMag Warehouse and they made the following statement …
Dear Gunmag Warehouse Customers,
We were made aware of a possible security breach last week and immediately hired the cyber security experts at Securi to conduct an investigation. They isolated and patched the offending vulnerability within our e-commerce platform. This exploit appears to have arisen after a recent third-party module update made on June 6th. While our database was never compromised, orders placed from June 6th – July 19th may have been affected.
To ensure the security of our checkout going forward, Securi conducted a new audit this morning and verified our site as secure. We consider the safety of our customer’s information to be of the utmost importance, and will continue to do everything possible to keep our checkout secure.
Furthermore, in an effort to keep your data secure we do not – nor have we ever stored any CC info on our servers. To ensure another event like this does not reoccur, Gunmag Warehouse will be implementing additional security protocols to ensure our site has redundant security points.
We apologize for the trouble this may have caused some of our customers. Please do not hesitate to call our support team if you have any further questions or concerns.
We appreciate your patience and understanding in this matter,
1. There is no correlation between our recent hexmag promo and the security breach.
2. We did not respond sooner because we wanted to make sure we had all the details regarding the security breach. These Security breaches can be complex and thus take time to fully understand the depth of the issue. If we responded immediately without all the facts we would have been guessing.
3. Customer service is currently reaching out to customers known to be affected during these dates. We feel this is better than sending out a mass email as we will be able to answer any questions customers may have on a case by case basis.
4. Any information entered at checkout during these dates may have been compromised. This includes names, billing/shipping addresses and CC info. Passwords to accounts would only have been compromised if the account was created at checkout. Since the database was never compromised any past orders were not affected.
5. Our site is 100% secure and we will be rolling out additional security protocols over the next few weeks.
6. We have reached out to other payment processors in the past to offer more options. Unfortunately, most of them including Paypal are not 2a friendly.
7. Support can be reached over the phone or by email Monday-Friday 10am to 6pm. Our direct line 305-901-2223 and our email is email@example.com
Editor’s note: I really appreciate a company being upfront about this. Data breaches do happen. It’s what companies do after that really matters.