Karaoke Forums

I'm posting this here because it seems more fitting in the tech section than the general Karaoke section and since it is related to our profession I didn't want to hide it in the anything goes forum.

I know a number of folks here order from Monoprice. I just made my first purchase from them a couple months ago. Over the weekend I got a notice from them that their systems had been compromised and data has been stolen. The data includes personal and credit card information. Since receiving the notice I've gone and done some research and found out how long they sat on reports from customers about a potential breach. I've also taken the necessary safeguards from my end.

I'm posting this for two reasons, one to make sure that anyone here who orders from them watches their accounts and credit reports closely. I work in a profession that deals with breeches like this and their subsequent forensic investigations. I can tell you that companies only notify those that they believe may have been compromised but it is often times very difficult to tell just how much data an attacker had access to or how long they had access. So even if Monoprice hasn't notified you, if you've ordered from them I would recommend just being watchful of your accounts.

Second reason I post this is that I generally try to shy away from vendors who've had compromises such as this. Credit Card data should only be used and stored long enough to process the transaction. Storing after that just exposes the potential for issues like this. I never consented to monoprice storing this information and so I'm not really very happy with them. I deal with Visa PCI compliance issues all the time (although unfortunately vendors aren't required to be compliant) and I know what leads to these types of breeches. Proper due diligence could have prevented this breech, but obviously they have gaps in their controls.

So they've given me 12 months of identity theft protection, well great that doesn't help if they use my CC info, so I had to have new cards sent (and Monoprice won't cover the cost of having the process expedited so that I wouldn't be without a card for 2 weeks). Again I'm not thrilled with them and probably will not return as their customer.

_________________
DJ Tony
Let It Rip Karaoke

I'll be the opposing voice on this and say that were incredibly open about what happened, the site was taken down straight away and investigated, they then took extra steps before allowing credit card sales back, limiting it to paypal first.

If any of you are concerned about theft of card details you can get one use card numbers from Bk Of America, Citibank and others if you bank with them for just these kind of online purchases.

I had my wallet stolen the old fashioned way once and got everything changed back and fees / charges etc removed. Bit of a hassle but them's the breaks. I'm fairly certain the news about TJ Maxx credit card numbers being stolen didn't surface for several months after the fact, Monoprice put it up front and center within hours, before they even knew what if anything had been compromised.

Not to take anything away from your concern, just to say that no organization is bullet proof.


- Jonn

To be fair, yes once Monoprice was "aware" of the issue, they did take appropriate actions and were clear about communicating it. And they did much better than TJX who knowingly hid it for what now appears to longer than a year. So yes I'll give them credit for that.

My problems center around first and foremost the number of reports that Monoprice received from their consumers who suspected that their data had been stolen before they finally took action to investigate and become aware of the issue. Again another issue is why was this information even stored on their system to be stolen? Once my transaction is complete, if I haven't specifically told them to store that info they shouldn't be. Finally, I'm irritated that they would not cover the cost of expediting my new cards. When you call your credit card company with information like this they immediately shut down your card and ship you new ones. But that process takes a while. So I had the choice to either be stuck without a card for 2 weeks or more or pay a $25 fee to receive it in a few days. Monoprice should be covering that, it was their breech, their failure to protect my data.

As far as using a zero liability card, that protects your money in the short term, but consider this. For every fraudulent transaction that B of A or others cover, that's money they have to make up elsewhere. Wonder why your fees and interest charges are so high? There's part of your answer. Also, that only protects your money, doesn't protect you from identity theft.

_________________
DJ Tony
Let It Rip Karaoke