# Baileys Online Breached



## TimR (Feb 1, 2016)

just got an email from Bailey's that they had a data breach sometime between September and early January of this year .
They've notified people that use credit cards for purchases, that information enabling someone to make fraudulent purchases was obtained. 
Here's the details :

Recently, an examination by our computer security consultant revealed that someone without authorization accessed and likely stole credit card information belonging to our customers from our website. The thief or thieves accessed our website remotely and overcame our firewall and security protections. If you are receiving this letter, then we have identified you as one of the people who placed an order within the affected date range, identified below, and may have had certain protected information misappropriated.

The compromise event began on September 25, 2015 and involved persons capturing keystrokes as customers typed information onto BaileysOnline.com. The breach event was found and confirmed on January 11, 2016 and stopped on January 13, 2016. It was an exploitation event introduced through a known defect in Windows 2008 Security. The theft involved @15,000 credit cards used to pay for purchases on our website during the above time frame. Of these @15,000 cards, nearly 25% were MasterCard® cards, 64% were VISA® cards, and fewer than 5% and 6% were American Express® and Discover® cards, respectively. 

What Information Was Involved

The types of information taken appears to include credit card numbers, cardholder names, address and phone numbers, eMail addresses, CCV numbers, card expiration date, your log-in and password to BaileysOnline.com and any other information typed into our website related to your order. However, the following information is NOT included in what was taken: PINs (personal identification numbers), Social Security numbers, bank account numbers, and other personally identifiable information.

What We Are Doing

We have reported the theft to various law enforcement agencies, and are cooperating with them in their investigation. We also have notified Wells Fargo Bank, who handles our credit card transactions, along with MasterCard®, VISA®, American Express® and Discover®. We have no indication that any PayPal accounts were impacted.

We also have engaged a security consultant and have been implementing their recommendations to strengthen our firewall and other security protections (described below). We also have retained one of the 11 Forensic Web Security firms approved by Wells Fargo to address this data breach. 

In some states we are required to notify a state agency or Attorney General’s Office, and Bailey’s is complying with all of those legal requirements.

What You Can Do

We strongly encourage you to take preventive measures now to help prevent and detect any misuse of your information. We suggest that you change your log-in and password for BaileysOnline.com. You may also want to cancel the credit card(s), if any, that you think you may have used here. You may also want to place a fraud alert or order a security freeze on your credit reports with the three major credit reporting agencies: (1) Equifax: 1-800-525-6285; www.equifax.com; P.O. Box 740241, Atlanta, GA 30374-0241; (2) Experian: 1-888-EXPERIAN (397-3742); www.experian.com; P.O. Box 2002, Allen, TX 75013; and (3) TransUnion: 1-800-680-7289; www.transunion.com; Fraud Victim Assistance Division, P.O. Box 6790, Fullerton, CA 92834-6790. You may want to ask for a free copy of your credit report from each agency, and ask that only the last four digits of your Social Security number appear on your credit reports. 

There are several things that you may want to do to protect yourself against possible identity theft if the information does get into the wrong hands. These include: (1) watch for phishing attempts and malicious email; (2) watch for scam U.S. mail; and (3) stay alert to signs of identity theft. 

The Federal Trade Commission has published some information about how to defend against identity theft at: http://www.consumer.ftc.gov/features/feature-0014-identity-theft. We suggest that you submit a complaint with the FTC by calling 1-877-ID-THEFT (1-877-438-4338) or going online at https://www.ftccomplaintassistant.gov/. 

Bailey’s Commitment 

We apologize for the inconvenience resulting from the theft by unknown people of your information described above. Please note that we have taken immediate steps to prevent a reoccurrence. In this regard, we have (i) enhanced our firewalls, (ii) integrated mandatory changes with respect to our passwords and (iii) integrated new software into our website. Please know that Bailey’s is PCI compliant, never sells, trades or otherwise releases any personal information of our customers and is committed to offering the most secure user experience for our customers. 

For questions relating to this event please call (888) 582-3816 between the hours of 8:00 a.m. and 5:00 p.m. P.S.T.

Sincerely,
The Bailey’s Team


----------



## Schroedc (Feb 1, 2016)

Ouch, That's scary, seems to be epidemic with places in the last year or two...

Reactions: Agree 2


----------



## Kevin (Feb 1, 2016)

I've received several similar notices from websites also. Lots of hacking going on.


----------



## woodtickgreg (Feb 1, 2016)

I do use lifelock and it works great! I also have a fraud alert on all three credit reporting agencies. My wallet was stolen about a year ago and the thieves keep trying to use my identity to open credit, lifelock has stopped everything. The police won't do anything to try and catch these idiots. Pisses me off!


----------



## JR Custom Calls (Feb 1, 2016)

Oddly I didn't get an email, I was thinking I had ordered some stuff from them during that time, but I must not have. 

That said, I'm currently dealing with fraudulent charges on one of my cards. Luckily the card company caught it, and only one transaction went through. The weird part is that the purchase they made was shipped to me. Let me assure you, I have no need for ladies size 10.5 cleats haha. The card company has been great, but my gosh what a hassle it has been dealing with all of this.

Reactions: Agree 1


----------



## Kevin (Feb 1, 2016)

woodtickgreg said:


> The police won't do anything to try and catch these idiots. Pisses me off!



They're too busy writing speeding tickets.

Reactions: Agree 1


----------



## woodtickgreg (Feb 1, 2016)

Kevin said:


> They're too busy writing speeding tickets.


And the crooks know nothing will be done.They do everything from a cell phone that they probably got fraudulantly or stole anyway. They keep trying to open cell phone accts. They try about every 3 months or so with every company out there, even through best buy.


----------



## HomeBody (Feb 2, 2016)

I almost ordered a new bar from Bailey's but have been putting it off. Glad I did. Last previous order was quite a while ago. When hackers like that are caught they should have their right hand cut off.(Saudi Arabia calling) Then they could only hunt and peck with their left hand. That might slow them down. Gary

Reactions: Agree 1


----------



## frankp (Feb 2, 2016)

HomeBody said:


> I almost ordered a new bar from Bailey's but have been putting it off. Glad I did. Last previous order was quite a while ago. When hackers like that are caught they should have their right hand cut off.(Saudi Arabia calling) Then they could only hunt and peck with their left hand. That might slow them down. Gary


Most of it's automated anyway. The manual effort you see in the movies is a thing of the past, for the most part. Cutting off hands wouldn't do any good... speech to text works pretty well these days.


----------



## TimR (Feb 2, 2016)

The irony is that the card I used at Bailey's was caught with fraudulent charges earlier this month, and replaced, so the charges I had from Baileys last October would have the obsolete card. Perhaps the fraudulent charge was from the Bailey's breach??? Oh well, it was a pain restoring accounts that used that same account, so just glad I don't have to repeat it. 
I will say that I've been lucky in that while I've had several attempts to charge my card, the card company has always been on top of it and flagged to me.


----------



## Kevin (Feb 2, 2016)

TimR said:


> The irony is that the card I used at Bailey's was caught with fraudulent charges earlier this month, and replaced, so the charges I had from Baileys last October would have the obsolete card. Perhaps the fraudulent charge was from the Bailey's breach??? Oh well, it was a pain restoring accounts that used that same account, so just glad I don't have to repeat it.
> I will say that I've been lucky in that while I've had several attempts to charge my card, the card company has always been on top of it and flagged to me.



I haven't been as lucky as you Tim. I have been trying to hack Henry's account to buy a bunch of curly koa for years and have not been able to yet. But I'm not a quitter!

Reactions: Funny 2


----------

