 

The Signal Box Rochester


GWR Man


The following email (this is a capture from my screen) from The Signal Box was in my inbox this morning. It says its website was hacked into and customers' credit card details were possibly stolen. It goes on to say this is why its website was taken off-line and suggests prudent customers might wish to contact their credit card provider.

 

This is unfortunate.

 

Matt

Link to post

  • RMweb Gold

I, too, have had one of these. My C.C. was fraudulently creamed over the course of one weekend earlier this month to the tune of £1700 - for 2 items of furniture, a payment to The London Borough of Brent and two separate hotel bills. Fortunately thanks to pdq action on my part (check your balance every day on line) plus a correspondingly positive reaction from the c.c. provider, I have avoided the vale of tears and now have a new card. I HAD thought that it was due to the card being 'skimmed' and then cloned at one of two Heathrow hotels I've stayed at recently prior to two trips abroad -- what they sometimes ask you for when you check in, to cover bar bills & extras. Never going to do that again. HOWEVER, since this e-mail, I'm not so sure that the hotel is the culprit. WHAT A MESS! I'll never know for certain.

Link to post

It says its website was hacked into and customers' credit card details were possibly stolen. It goes on to say this is why its website was taken off-line and suggests prudent customers might wish to contact their credit card provider.

 

Hi Matt,

 

I removed the image of the email due to certain confidentialities but it didn't actually state the website had been hacked. The phrase used was "It is possible that some of your personal data, which may include credit card details, may have been accessed by a third party without our or your consent." and there are certain subtleties in that and the circumstances.

 

They have emailed or written to any customers who they believe may have faced an issue to highlight this so they can check accounts and make the appropriate contact with the bank or the retailer if necessary to do so.

 

They have been very diligent about the process and the new website will be online as soon as possible.

Link to post

I too had an unauthorised spending spree on my card not long after I had received a package from them in mid July.

 

Luckily the RBS phoned me after an hour or so of use and blocked it.

 

I had my suspicions as I had only used the card with them and a major Supermarket in the past 4 months.

 

Very disappointing and very inconvenient as I was on holiday the following week and had no card.

 

At least they have let it be known they have a security issue, for which we should be grateful.

Link to post

I received the same email this afternoon and upon checking my credit card statement on line discovered an unauthorised debit of 20 Euros made on Tuesday, not long after having made an online purchase from the Signal Box. I would like to thank the Signal Box for warning me so quickly as I may not have picked up on this fraudulent activity for some time otherwise. I will have to wait 10 days for a replacement card so perhaps that will save me some money as I will find it difficult to buy anymore trains in the meantime!

Internet fraud must be an enormous problem now, I work for a large multinational and they have cut all internet access since the beginning of the month following overwhelming hacking activity. I suspect this is an unfortunate sign of things to come.

Link to post

Hi Matt,

 

I removed the image of the email due to certain confidentialities but it didn't actually state the website had been hacked. The phrase used was "It is possible that some of your personal data, which may include credit card details, may have been accessed by a third party without our or your consent." and there are certain subtleties in that and the circumstances.

 

They have emailed or written to any customers who they believe may have faced an issue to highlight this so they can check accounts and make the appropriate contact with the bank or the retailer if necessary to do so.

 

They have been very diligent about the process and the new website will be online as soon as possible.

 

Thanks, Andy, for the explanation after removing the image. Just to be clear, I used the phrase "hacked into" only for the sake of brevity as I expected readers would be able to examine the (now removed) notice from The Signal Box and the actual language contained therein.

 

No fraudulent charges on my accounts, so far. I wonder if that is because they are U.S. accounts? No matter. Glad to hear they are sorting it.

 

Matt

Link to post

  • RMweb Gold

A month or so ago I got a new credit card to use as a back-up for my main card just in case my main card was compromised. Received the first statement for the new card on Wednesday and noted 4 transactions from PayPal which had been reversed and one transaction from E-Bay outstanding. Called the card provider and got a refund for the E-Bay transaction as well as asking for a new card - which arrived today which was super duper fast.

 

When I received the Signal Box e-mail today everything fell in place - I had used the new card number when I pre-ordered the Cl.47 limited edition soon after I got the new card. Just glad that I had not used my main card as the last time that got cloned it took nearly 2 weeks to get a new card.

 

Signal Box have, I think, already changed the way they process credit card transactions. They called me earlier this week to advise that the ex-LMS departmental coaches had arrived. They then processed the card transaction whilst we talked.

 

Keith

Link to post

  • RMweb Premium

What is the Law now regarding UK-based businesses retaining your card and personal details themselves? I understand it is normal that these are actually held by a third party secure server and not within the business itself as an additional precaution against the information being stolen but that this is not actually a legal requirement. In my own line of work (not in the UK) we take payments which are processed this way and store no card data whatsoever ourselves.

 

It seems SB has acted swiftly and diligently in the matter for which all credit is due. But it makes me wonder whether any of the other businesses where my account details are retrieved with no more than an email address being entered are actually storing that data as a cookie on a shop computer or whether it is all linked through to an unknown remote site. Thank goodness for having to also clear 3D security where the transaction will not be cleared by my bank until I have also passed a security step.

 

I have had transactions on my present card with SB but nothing untoward has occurred and I have not received any warning email. As with others I might have been lucky being a non-UK customer.

Link to post

I understand it is normal that these are actually held by a third party secure server and not within the business itself as an additional precaution against the information being stolen but that this is not actually a legal requirement. In my own line of work (not in the UK) we take payments which are processed this way and store no card data whatsoever ourselves.

 

I know it's awkward but I don't want the discussion or speculation to drift too far down this line whilst processes are still underway or comment on specifics. Thanks.

Link to post

I too have had a spending spree on my card and in fact contacted Signal Box to say I had cancelled the card (which I had used on a pre-order too). The e-mail meant things fell into place; and there I was mentally blaming the local curry house ;)

 

Fortunately my card provider covers me against all fraudulent transactions on my card - and in fact had put a stop on my card before I got to cancel it myself.

Link to post

Hear Hear. I too am a very satisfied customer of Signal Box and remain so. Stuff happens even to the best.

Thanks to one and all for their postings now I know what has probably happened. My credit card went AWOL at the same time as everyone else's - It can't just be coincidence! - My CC provider spotted it before any damage was done - some toe-rag tried to run up a bill for around US$1500 and somehow they knew it was not me and shut the card down. I have just received the replacement - so all is now happy again in "Debt for the Love of Railways Land!"

Link to post

Just after I last purchased something from Signal Box someone used my card for a spending spree ...

 

... wait, that one was mine

 

... so was that

 

... and that

 

... and, er ... ;)

 

Seriously, well done Signal Box for prompt action.

Link to post

  • RMweb Premium

Both my Dad and I had our credit cards fraudulently used online within a week of each other in late May/early June. The one retailer we both used was thesignalbox.co.uk. In my instance the bank refunded my money straight away, but my Dad had to write a series of letters to Barclays for a few months to clear all the disputed amounts.

 

It's a shame that the signalbox haven't given a period in which this data was stolen - was this ongoing or a one-off raid on their servers? - and also that it has taken so long for a half-hearted apology.

 

I have one pre-order left with them (with my new card - hopefully I don't need to replace that one?) but after that I'm not sure if they'll get our custom.

Link to post

  • RMweb Premium

I would imagine that the case is ongoing as regards possible criminal or civil proceedings against the third party, individual or organisation, involved. Hence the wording of Signal Box's communications with affected customers has to be very careful. An apology at this stage, for a situation that was presumably out of SB's control, might be taken by lawyers as an admission of whole or partial liability, thereby damaging the case.

Pete

Link to post

Hi

 

It most certainly is not something beyond their control. IT Security is the responsibility of anyone who carries out e-commerce and there are PCI standards to follow. It is a point of fact that their IT security was below a standard to be expected or they would have notified people within hours of the loss occurring, as it was it took over a month and even then it is unspecific on what details were lost.

The sad truth is that many other e-commerce providers will also have sub-standard IT security, but have not yet been caught out. To point to the endemic nature of such poor security in commerce as a whole does not excuse individual cases.

Frankly, their response was not good, but hopefully they will make it better moving forward. I have been an otherwise satisfied customer, but I will need some convincing before I trust them with my CC details in the near future.

 

Regards

 

Kal

Link to post

Archived

This topic is now archived and is closed to further replies.

