oreamnos Posted August 24, 2012 Share Posted August 24, 2012 The following email (this is a capture from my screen) from The Signal Box was in my inbox this morning. It says its website was hacked into and customers credit card details were possibly stolen. It goes on to say this is why its website was taken off-line and suggests prudent customers might wish to contact their credit card provider. This is unfortunate. Matt Link to post Share on other sites More sharing options...
RMweb Gold Ian Hargrave Posted August 24, 2012 RMweb Gold Share Posted August 24, 2012 t,too ,have had one of these. My C.C. was fraudulently creamed over the course of one weekend earlier this month to the tune of £1700-for 2 items of furniture,a payment to The London Borough of Brent and two separate hotel bills. Fortunately thanls to pdq action on my part (check your balance every day on line) plus a correspondingly positive reaction from the c.c. provider,I have avoided the vale of tears and now have a new card. I HAD thought that it was due to the card being 'skimmed' and then cloned at one of two Heathrow hotels I've stayed at recently prior to two trips abroad--what they sometimes ask you for when you check in,to cover bar bills & extras. Never going to do that again. HOWEVER,since this e-mail,I'm not so sure that the hotel is the culprit. WHAT A MESS! I'll never know for certain. Link to post Share on other sites More sharing options...
Andy Y Posted August 24, 2012 Share Posted August 24, 2012 It says its website was hacked into and customers credit card details were possibly stolen. It goes on to say this is why its website was taken off-line and suggests prudent customers might wish to contact their credit card provider. Hi Matt, I removed the image of the email due to certain confidentialities but it didn't actually state the website had been hacked. the phrase used was "It is possible that some of your personal data, which may include credit card details, may have been accessed by a third party without our or your consent." and there are certain subtleties in that and the circumstances. They have emailed or written to any customers who they believe may have faced an issue to highlight this so they can check accounts and make the appropriate contact with the bank or the retailer if necessary to do so. They have been very diligent about the process and the new website will be online as soon as possible. Link to post Share on other sites More sharing options...
david12345 Posted August 24, 2012 Share Posted August 24, 2012 I too had a unauthorised spending spree on my card not long after I had recived a package from them in mid July. Luckily the RBS phoned me after an hour or so of use and blocked it. I had my suspicions as I had only used the card with them and a major Supermarket in the past 4 months. Very disappointing and very inconvenient as I was on holiday the following week and had no card. At least they have let it be known they have a security issue, for which we should be grateful. Link to post Share on other sites More sharing options...
Matabiau Posted August 24, 2012 Share Posted August 24, 2012 I received the same email this afternoon and upon checking my credit card statement on line discovered an unauthorised debit of 20 Euros made on Tuesday, not long after having made an online purchase from the Signal Box. I would like to thank the Signal Box for warning me so quickly as I may not have picked up on this fraudulent activity for some time otherwise. I will have to wait 10 days for a replacement card so perhaps that will save me some money as I will find it difficult to buy anymore trains in the meantime! Internet fraud must be an enormous problem now, I work for a large multinational and they have cut all internet access since the beginning of the month following overwhelming hacking activity. I suspect this is an unfortunate sign of things to come. Link to post Share on other sites More sharing options...
oreamnos Posted August 24, 2012 Share Posted August 24, 2012 Hi Matt, I removed the image of the email due to certain confidentialities but it didn't actually state the website had been hacked. the phrase used was "It is possible that some of your personal data, which may include credit card details, may have been accessed by a third party without our or your consent." and there are certain subtleties in that and the circumstances. They have emailed or written to any customers who they believe may have faced an issue to highlight this so they can check accounts and make the appropriate contact with the bank or the retailer if necessary to do so. They have been very diligent about the process and the new website will be online as soon as possible. Thanks, Andy for the explanation after removing the image. Just to be clear, I used the phrase "hacked into" only for the sake or brevity as I expected readers would be able to examine the (now removed) notice from The Signal Box and the actual language contained therein. No fraudulent charges on my accounts, so far. I wonder if that is because they are U.S. accounts? No matter. Glad to hear they are sorting it. Matt Link to post Share on other sites More sharing options...
Gareth Collier Posted August 24, 2012 Share Posted August 24, 2012 I've also had the email which explains the recent spending spree on my account. The best item was the top of the range £109.99 Norton antivirus software. At least no-one will be able to access their details Gareth Link to post Share on other sites More sharing options...
Andy Y Posted August 24, 2012 Share Posted August 24, 2012 The best item was the top of the range £109.99 Norton antivirus software. Take some solace from the fact that their PC is now terminally slow. Link to post Share on other sites More sharing options...
Butler Henderson Posted August 24, 2012 Share Posted August 24, 2012 Take some solace from the fact that their PC is now terminally slow. The bloated days of Norton have long gone and it no longer seems to have the performance hit that it use to. Link to post Share on other sites More sharing options...
RMweb Gold tetsudofan Posted August 24, 2012 RMweb Gold Share Posted August 24, 2012 Month or so I got a new credit card to use as a back-up for my main card just in case my main card was compromised. Received the first statement for the new card on Wednesday and noted 4 transactions from PayPal which had been reversed and one transaction from E-Bay outstanding. Called the card provider and got a refund for the E-Bay transaction as well as asking for a new card - which arrived today which was super duper fast. When I received the Signal Box e:mail today everything fell in place - I had used the new card number when I pre-ordered the Cl.47 limited edition soon after I got the new card. Just glad that I had not used my main card as the last time that got cloned it took nearly 2 weeks to get a new card. Signal Box have, I think, already changed the way they process credit card transactions. They called me earlier this week to advise that the ex-LMS departmental coaches had arrived. They then processed the card transaction whilst we talked. Keith Link to post Share on other sites More sharing options...
RMweb Premium Gwiwer Posted August 25, 2012 RMweb Premium Share Posted August 25, 2012 What is the Law now regarding UK-based businesses retaining your card and personal details themselves? I understand it is normal that these are actually held by a third party secure server and not within the business itself as an additional precaution against the information being stolen but that this is not actually a legal requirement. In my own line of work (not in the UK) we take payments which are processed this way and store no card data whatsoever ourselves. It seems SB has acted swiftly and diligently in the matter for which all credit is due. But it makes me wonder whether any of the other businesses where my account details are retrieved with no more than an email address being entered are actually storing that data as a cookie on a shop computer or whether it is all linked through to an unknown remote site. Thank goodness for having to also clear 3D security where the transaction will not be cleared by my bank until I have also passed a security step. I have had transactions on my present card with SB but nothing untoward has occurred and I have not received any warning email. As with others I might have been lucky being a non-UK customer. Link to post Share on other sites More sharing options...
Andy Y Posted August 25, 2012 Share Posted August 25, 2012 I understand it is normal that these are actually held by a third party secure server and not within the business itself as an additional precaution against the information being stolen but that this is not actually a legal requirement. In my own line of work (not in the UK) we take payments which are processed this way and store no card data whatsoever ourselves. I know it's awkward but I don't want the discussion or speculation to drift too far down this line whilst processes are still underway or comment on specifics. Thanks. Link to post Share on other sites More sharing options...
Melly Posted August 25, 2012 Share Posted August 25, 2012 I have a separate card for railway purchases and this will be the THIRD time this year I've had to Cnx it due to actual OR risk of fraud. Blimey, what is the world coming to ...... and Link to post Share on other sites More sharing options...
The Lurker Posted August 28, 2012 Share Posted August 28, 2012 I too have had a spending spree on my card and in fact contacted Signal Box to say I had cancelled the card (which I had used on a pre-order too). The e-mail mean things fell into place; and there I was mentally blaming the local curry house Fortunately my card provider covers me against all fraudulent transactions on my card - and in fact had put a stop on my card before I got to cancel it myself. Link to post Share on other sites More sharing options...
Bill Posted August 29, 2012 Share Posted August 29, 2012 Hear Hear. I too am a very satisfied customer of Signal Box and remain so.. Stuff happens even to the best. Thanks to one and all for their postings now I know what has probably happened.. My credit card went AWOL at the same time as everyone else's - It can't just be coincidence! - My CC provider spotted it before any damage was done - some toe-rag tried to run up a bill for around US$1500 and somehow they knew it was not me and shut the card down. I have just received the replacement - so all is now happy again in "Debt for the Love of Railways Land!" Link to post Share on other sites More sharing options...
Jack Posted August 29, 2012 Share Posted August 29, 2012 Just after I last purchased something from Signal Box someone used my card for a spending spree ... ... wait, that one was mine ... so was that ... and that ... and, er ... Seriously, well done Signal Box for prompt action. Link to post Share on other sites More sharing options...
RMweb Premium wrex Posted August 29, 2012 RMweb Premium Share Posted August 29, 2012 Both my Dad and I had our credit cards fraudulently used online within a week of each other in late May/early June. The one retailer we both used was thesignalbox.co.uk. In my instance the bank refunded my money straight away, but my Dad had to write a series of letters to Barclays for a few months to clear all the disputed amounts. It's a shame that the signalbox haven't given a period in which this data was stolen - was this ongoing or a one-off raid on their servers? - and also that it has taken so long for a half-hearted apology. I have one pre-order left with them (with my new card - hopefully I don't need to replace that one?) but after that I'm not sure if they'll get our custom. Link to post Share on other sites More sharing options...
RMweb Premium petethemole Posted August 29, 2012 RMweb Premium Share Posted August 29, 2012 I would imagine that the case is ongoing as regards possible criminal or civil proceedings against the third party, individual or organisation, involved. Hence the wording of Signal Box's communications with affected customers has to be very careful. An apology at this stage, for a situation that was presumably out of SB's control, might be taken by lawyers as an admission of whole or partial liability, thereby damaging the case. Pete Link to post Share on other sites More sharing options...
david12345 Posted September 3, 2012 Share Posted September 3, 2012 Had a call from a 3rd party today about purchases on my card. So looks like they have my personal details inc phone no. aswell as credit card details. No limited edition is worth this amount of trouble. Link to post Share on other sites More sharing options...
Billystanier Posted September 6, 2012 Share Posted September 6, 2012 Same with me when I had the fraud - first I knew about it was when some guy was phoning me up about the design of some hooded tops I'd 'ordered'. Think they got the full monty of personal details. Link to post Share on other sites More sharing options...
Kal Posted September 6, 2012 Share Posted September 6, 2012 Hi It most certainly is not something beyond their control. IT Security is the responsibility of anyone who carries out e-commerce and there are PCI standards to follow. It is a point of fact that their IT security was below a standard to be expected or they would have notified people within hours of the the loss occuring, as it was it took over a month and even then it is unspecific on what details were lost. The sad truth is that many other e-commerce providers will also have sub-standard IT security, but have not yet been caught out. To point to the endemic nature of such poor security in commerce as a whole does not excuse individual cases. Frankly, their response was not good, but hopefully they will make it better moving forward. I have been an otherwise satisifed customer, but I will need some convincing before I trust them with my CC details in the near future. Regards Kal Link to post Share on other sites More sharing options...
Andy Y Posted September 6, 2012 Share Posted September 6, 2012 You can't make such categoric statements unless you are aware of the full facts so can we please ease off on supposition? Link to post Share on other sites More sharing options...
RMweb Gold Ian Hargrave Posted September 10, 2012 RMweb Gold Share Posted September 10, 2012 A new website has appeared Link to post Share on other sites More sharing options...
RMweb Premium brushman47544 Posted September 13, 2012 RMweb Premium Share Posted September 13, 2012 A new website has appeared What's the address? The old website at thesignalbox.co.uk doesn't work and Google doesn't find anything else. Link to post Share on other sites More sharing options...
RMweb Gold Ian Hargrave Posted September 13, 2012 RMweb Gold Share Posted September 13, 2012 Sorry,Andrew,you are right. I've tried both Windows IE and Firefox and they have disappeared from cyberspace. It's a Marie Celeste happening.However,it WAS on-line yesterday and no,I'm not having a 'senior moment'. Ian. Link to post Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.