Its a public relations nightmare, IMO communication direct to customers ASAP is the key to minimise harm. Sending out new adverts while accounts are being emptied is PR at it's worst. It won't magically disappear, man up and help folks out so they can protect themselves. It should be priority number ONE! I cannot believe you have not done this in light of what you know and the distress its causing good folks. When those affected realise you new about this and could have prevented their loss by speaking out so they could have cancelled their cards/accounts they will be majorly pizzed! Stop thinking of yourselves and help them out!!
Bailey's has had a data/security breach. Update!
- Thread starter ANewSawyer
- Start date
Help Support Arborist Forum:
CR888 give it a rest. We all know you hate Bailey's. Shop in your own country.
Grande Dog
ArboristSite.com Sponsor
Howdy,
Hope this doesn't sound like sour grapes. To me it looks strange. They average a post in their forum of some sale, or promotion maybe once a week, or a couple times a month. So then you have the post in the forum about the breach. The next thing you see is a half dozen promotions in 15 minutes. It probably took them that long before they realized they reached the bottom of the literbox, and realized as soon as somebody posted in the breach thread, it came back to the top.
Regards
Gregg
Hope this doesn't sound like sour grapes. To me it looks strange. They average a post in their forum of some sale, or promotion maybe once a week, or a couple times a month. So then you have the post in the forum about the breach. The next thing you see is a half dozen promotions in 15 minutes. It probably took them that long before they realized they reached the bottom of the literbox, and realized as soon as somebody posted in the breach thread, it came back to the top.
Regards
Gregg
nnero
ArboristSite Guru
Just had to cancel a credit card. Wonder if this is why...
CrufflerJJ
ArboristSite Operative
Gregg -
I'm sure that the flurry of Bailey's posts in their forum the day after I created my "Bailey's Website Security Breach" thread is a mere coincidence. Or something like that....maybe....
My thread was created the afternoon of 1/27/16. Bailey's PDF about the data breach almost invisibly posted on their website's homepage ( http://www.baileysonline.com/pdf/databreach_info.pdf ) was created on 1/26/16 using MS-Word 2013 software registered to John Conroy (Bailey's former Director of Marketing until 2/2014).
It was two days until Bailey's made a post in my Bailey's Website Security Breach thread in their forum. They did not say kaka about my post.
I understand that ANY company's website can be hacked. That's a given. What disappoints me, though, are several things:
1) To this day, Bailey's has not emailed me directly, warning me of the breach. Emails are fast and easy, and could have communicated the breach faster than (& in addition to) any mailed notification.
2) Bailey's, while recommending that customers change their login password, has not forced new passwords to be generated on the first login by affected customers. From an IT/computer geek-standpoint, this should be child's play. To neglect this step leaves their customers wide open.
3) Bailey's website, upon login by a customer, does not automatically check to see if that customer placed an order using MC/Visa/AmEx during the vulnerable period, then bounce that customer to a HIGHLY VISIBLE notification/warning screen. Once again, this should be child's play for a good web developer geek.
4) It speaks volumes to me as a customer that I had to read of the breach on another site (OPEHawgzClimberHearthporterznet&stuff). With Baileys being a site sponsor here on ArboristSite, I'd have hoped that they value the membership enough to be proactive and post of the breach IMMEDIATELY. Instead, they didn't say kaka on this site until being "called out" by multiple affected customers. This could be considered an insult to both AS and their "highly valued" customers.
Bailey's response to this incident has been lazy, slow, and ineffective. While apparently complying with legal requirements regarding loss of customer credit card info, they apparently didn't feel the need to go above & beyond.
Lazy.
radioFlash
ArboristSite Lurker
So I finally received a direct email from Bailey's about the data breach this afternoon. It looks like the same information already posted on their website, but I haven't compared them word for word.
CrufflerJJ
ArboristSite Operative
I received one also. Finally.
Almost a week later/slower than it should have been.
Almost a week later/slower than it should have been.
Ozarker 1
ArboristSite Member
Yep, got the e-mail this evening. Yep, slower than it should have been.
Last week I had a $580 charge on my card from wealthyhair.com.....I just received an email from Bailey's today.
ChoppyChoppy
Tree Freak
Nothing here. Have bought stuff in my name as well as have (had at this point) a vendor account for the shop with them.
No email, information nothing.
CrufflerJJ
ArboristSite Operative
Don't worry...Bailey's is just searching for somebody fluent in 'stralian to translate their letter for you.
When Target was hacked it took months before customer's were notified due to an internal investigation by the Fed's in conjunction with the company.
Guido Salvage
Supreme Saw Whoreder
The great thing about America is our ability to vote. In this case, if you do not agree with how the data breach was handled, you can vote to take your business elsewhere. That will have a far greater impact than continuing to beat the dead horse in this thread.
USMC615
Wood's Tougher Than Woodpecker Lips...
I have made one purchase with Baileys...many, many months a ago in 2015. No idea if this is related, but I live in Ga mind you...last week on Jan 26 my card was attempted in Redwood City, Ca for approx $135, my federal credit union denied it. Then on Jan 28 my card was attempted again in Redwood City, Ca for approx $1,201...again my federal credit union denied it. Both attempts at a store called zazzle dot com. Needless to say after being notifed the afternoon on Jan 29, I immediately had my card blocked and a new card issued to me at my credit union first thing Saturday morning, Jan 30. Knock on wood my credit union blocked these attempts and nothing physically drained from my account. Again...no idea if these circumstances are related, i.e. Baileys breech and these scam artist attempts with my card.
Ozarker 1
ArboristSite Member
It is generally recommended to not use a debit card for online transactions.
My Visa CC called me Friday and said I had 2 charges. One was in FL I think and the other was online. Both only $40-50 each. I have no used that CC since Dec 2015, and charged an order on it at Baileys in the summer of 15 I think. not sure related either, that is also why I don't use debit cards online. CC company took it charges off immediately, after 15 min of phone verification, the card was at home.....
They just sent out a notice about 12noon EDT.
So even if someone gets the number is does them no good.
This is the reason I always use single use credit card numbers for online transactions. I also limit them to just a couple dollars more than the transaction total.
So even if someone gets the number is does them no good.
Someone bought a watch from a store in houston with my credit card shortly after the hack..thank god my credit card company made it an easy experience to wipe it out.
Guido Salvage
Supreme Saw Whoreder
I got the e-mail today as well. The card in question has expired so it is moot at this point.
Similar threads
