[NSRCA-discussion] FMA Database Compromised

James Oddino joddino at socal.rr.com
Wed Nov 19 18:18:32 AKST 2008 

My first inkling of trouble came when I got an email telling me my  
Fedex account was approved.  I did nothing as I wasn't even sure it  
was Fedex that sent the email.  The next thing that happened was  
Mastercard called with concern about three purchases going to an  
address different than the billing address and we canceled the card  
immediately.  I then started getting calls from folks all over the  
country who were getting envelopes with checks in them.  I called  
Fedex and made sure the account was closed.  Since then I have been  
getting bills from Fedex and I must be owing close to $9000 now.  I  
can't believe Fedex would let a new account run up that kind of debt  
without ever having done any business with them and never checking to  
see if it were legit.  Makes you want to burn all your credit cards.

Jim O


On Nov 19, 2008, at 6:32 PM, Chris Moon wrote:

> Guys:
> I kind of doubt it was simply a breach of their external credit card  
> processor, and here's why.  On Monday, I received a small print  
> order (less than $6) from an online printing company.  The small box  
> had my name and address correctly on it and it was from a company  
> that had 3 of the fraudulent charges on my credit card.  I did not  
> order this stuff of course, but the thieves clearly had not only my  
> valid credit card number and expiration date as a processing company  
> might have, but had my correct name and address to go with it.  One  
> of the online forums had a posting from a guy who said they had  
> enough info on him to get this bank to release the pin# for his card  
> to THEM and subsequently took out $400 in cash advances.  So unless  
> the credit card processors need the name and address data too in  
> order to process the charges (I know for a fact they did not need  
> this data years ago), I think it was the FMA internal server that  
> was hacked, or an inside job from an employee or ex-employee - which  
> I think is most likely.
>
> Chris
>
> Pete Cosky wrote:
>>
>> That's the truth. A lock only keeps an honest man honest.
>>
>> From what I gathered it wasn't FMA that was compromised, it was  
>> their payment processor, which begs the question how many other  
>> businesses are impacted by this breach.
>> ----- Original Message -----
>> From: Archie Stafford
>> To: 'General pattern discussion'
>> Sent: Wednesday, November 19, 2008 7:29 PM
>> Subject: Re: [NSRCA-discussion] FMA Database Compromised
>>
>> Matt,
>>
>> The security symbol would not have helped here.  I’m sure FMA has a  
>> fairly secure site.  Their database was what was compromised.   
>> Technology improves daily for this type of fraud…but so do the  
>> people doing it.
>>
>> Arch
>>
>>
>> From: nsrca-discussion-bounces at lists.nsrca.org [mailto:nsrca-discussion-bounces at lists.nsrca.org 
>> ] On Behalf Of MATT LIPRIE
>> Sent: Thursday, November 20, 2008 4:53 AM
>> To: mups1953 at yahoo.com; General pattern discussion
>> Subject: Re: [NSRCA-discussion] FMA Database Compromised
>>
>> That is why I am so leary of using a credit card somewhere like  
>> that.   Plus I do always check if the website has a little security  
>> symbol on the bottom of the page.
>>
>> Matthew L.
>> ----- Original Message -----
>> From: mike mueller
>> To: General pattern discussion
>> Sent: Wednesday, November 19, 2008 7:52 AM
>> Subject: Re: [NSRCA-discussion] FMA Database Compromised
>>
>>  Bingo, that explains it. Good catch!
>>
>> --- On Tue, 11/18/08, MKMSG <mkmsg at cox.net> wrote:
>> From: MKMSG <mkmsg at cox.net>
>> Subject: [NSRCA-discussion] FMA Database Compromised
>> To: "NSRCA Discussion List" <nsrca-discussion at lists.nsrca.org>
>> Date: Tuesday, November 18, 2008, 11:14 PM
>> If any of you have recently bought products on line from FMA Direct  
>> using a credit card, check your credit card account.  FMA's  
>> database has been compromised/hacked and whoever has the  
>> information is making charges against the credit cards.  I read  
>> this in the electric forum on Ezonemag.com.    Sure enough, when I  
>> brought up my VISA account, there was a NAPSTER charge there so I  
>> cancelled the card.  You might want to check yours if you've done  
>> business on line with FMA recently.
>>
>> Mike
>>
>> _______________________________________________
>> NSRCA-discussion mailing list
>> NSRCA-discussion at lists.nsrca.org
>> http://lists.nsrca.org/mailman/listinfo/nsrca-discussion
>>
>> _______________________________________________
>> NSRCA-discussion mailing list
>> NSRCA-discussion at lists.nsrca.org
>> http://lists.nsrca.org/mailman/listinfo/nsrca-discussion
>>
>> No virus found in this incoming message.
>> Checked by AVG - http://www.avg.com
>> Version: 8.0.175 / Virus Database: 270.9.7/1799 - Release Date:  
>> 11/19/2008 8:58 AM
>>
>> _______________________________________________
>> NSRCA-discussion mailing list
>> NSRCA-discussion at lists.nsrca.org
>> http://lists.nsrca.org/mailman/listinfo/nsrca-discussion
>> _______________________________________________
>> NSRCA-discussion mailing list
>> NSRCA-discussion at lists.nsrca.org
>> http://lists.nsrca.org/mailman/listinfo/nsrca-discussion
> _______________________________________________
> NSRCA-discussion mailing list
> NSRCA-discussion at lists.nsrca.org
> http://lists.nsrca.org/mailman/listinfo/nsrca-discussion

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.nsrca.org/pipermail/nsrca-discussion/attachments/20081120/88a1e755/attachment.html>

More information about the NSRCA-discussion mailing list