Wacky Packages Forum

Wacky Packages Discussion => General Wacky Packages Discussion => Topic started by: crackedjerk on March 04, 2019, 03:44:34 PM

Title: Credit Breach
Post by: crackedjerk on March 04, 2019, 03:44:34 PM
Anyone else get the letter from Topps today saying there was a (potential) credit breach?  I'll be honest, I haven't even read it as it's a bit lengthy and I just walked in the door.  But I'm curious if those who understand such things can put it in plain English.
Title: Re: Credit Breach
Post by: g.u.e.s.t. on March 05, 2019, 12:07:10 PM
I received a letter from Topps today too. They are basically telling you if you made an online purchase at Topps.com between Nov 19, 2018 and Jan 9, 2019 your personal information including your debit or credit card info may have been compromised due to a hack of their website. You should follow the instructions in the letter and check your accounts for any unauthorized charges and consider contacting all three credit reporting agencies.

Unfortunately,  this sort of thing is becoming all too common and frequent.
Title: Re: Credit Breach
Post by: crackedjerk on March 05, 2019, 05:44:20 PM
I received a letter from Topps today too. They are basically telling you if you made an online purchase at Topps.com between Nov 19, 2018 and Jan 9, 2019 your personal information including your debit or credit card info may have been compromised due to a hack of their website. You should follow the instructions in the letter and check your accounts for any unauthorized charges and consider contacting all three credit reporting agencies.

Unfortunately,  this sort of thing is becoming all too common and frequent.

Thanks!  I don't recall if I made a purchase from Topps during that time, though I do check my credit card statements carefully and haven't found a charge.
Title: Re: Credit Breach
Post by: RawGoo on March 06, 2019, 02:46:55 AM
I always checkout with Paypal, so I guess that's why I didn't get a notification.
Title: Re: Credit Breach
Post by: DrDeal on March 06, 2019, 03:07:34 AM
I always checkout with Paypal, so I guess that's why I didn't get a notification.


Same here. 
Title: Re: Credit Breach
Post by: g.u.e.s.t. on March 06, 2019, 05:05:11 AM
I always checkout with Paypal, so I guess that's why I didn't get a notification.

The letter did say they did not find any issues for those that used PayPal.
Title: Re: Credit Breach
Post by: Baked Bears on March 06, 2019, 08:14:02 AM
I would assume - or at least hope - that even if the Topps hackers managed to view transactions involving PayPal, they would then have to breach PayPal's security walls as well in order to access any pertinent information.
Title: Re: Credit Breach
Post by: sco(o)t on March 06, 2019, 12:18:41 PM
I would assume - or at least hope - that even if the Topps hackers managed to view transactions involving PayPal, they would then have to breach PayPal's security walls as well in order to access any pertinent information.

And Topps does not store you Paypal password anywhere, you have to log into Paypal on each transactions, so that helps.
Title: Re: Credit Breach
Post by: Fanatical_and_Sickly on March 06, 2019, 03:12:55 PM
Finally received a letter in the mail today regarding this.

What's lame is that my 'recent order' info in my Topps account has been gutted back to 2015, thanks to their wonderful 'new and improved' website update. I had to search through my saved emails to verify that the OLDS 7 order falls within the window of pain.
Title: Re: Credit Breach
Post by: vahsurfer on March 06, 2019, 06:44:07 PM
Paypal here - No letter - yet.....
Title: Re: Credit Breach
Post by: g.u.e.s.t. on March 07, 2019, 02:44:47 PM
Paypal here - No letter - yet.....

Since you used PayPal, you likely will not get a letter since they claim those that used PayPal were not affected.
Title: Re: Credit Breach
Post by: Swiski on March 09, 2019, 12:09:30 PM
Well, I ordered the Old School set on November 20....one day after the breach! I don't remember how I paid. Should I be concerned?!! What should I do about it?! Sorry...I'm kinda freaking out here!
Title: Re: Credit Breach
Post by: Baked Bears on March 09, 2019, 04:23:02 PM
If you paid by PayPal, you can simply log into your account and see if you made a transaction on the date in question.  PayPal keeps a running record of such things.
Title: Re: Credit Breach
Post by: crackedjerk on March 11, 2019, 06:40:05 PM
Well, I ordered the Old School set on November 20....one day after the breach! I don't remember how I paid. Should I be concerned?!! What should I do about it?! Sorry...I'm kinda freaking out here!

I just checked my paypal account and didn't see an order from Topps.  While I usually use paypal, I must not have this time due to not having any money in my account.  Still, I do check my credit card statements carefully and do still have some kind of "credit watch" protection that I got for the Equifax breach a year or two back, and it hasn't informed me of any suspicious behavior.  When I applied for a new credit card yesterday, I was given an alert, so it makes me think that that credit watch protection is still in effect.  Of course, some hackers could be sitting on my/our info and waiting to use it down the road, but I'm probably just going to keep my fingers crossed and hope nothing comes of it.  Hope that's not famous last words/gestures.
Title: Re: Credit Breach
Post by: g.u.e.s.t. on March 15, 2019, 02:48:54 PM
Well, I ordered the Old School set on November 20....one day after the breach! I don't remember how I paid. Should I be concerned?!! What should I do about it?! Sorry...I'm kinda freaking out here!

You can contact one of the big 3 credit reporting companies (you only have to contact one) and have an alert put on your record. By contacting one of the companies, they are required to notify the other two. That way whenever you (or someone posing as you) tries to open a new account you have to be notified by phone to confirm it's really you. This could give you some peace of mind. Keep it mind, if someone obtained your credit or debit card info this would not stop that. You can look at any of the credit reporting companies websites for more info and more steps you can take.

The best thing is to always check your statements carefully and get an annual credit report, which is free once per year and also check it carefully for any mistakes. I make this a habit as I've read that if your credit/debit card(s) info and/or your identity is stolen, it could take months before someone tries to use it.

Also, avoid public wi-fi, especially when making a purchase or accessing accounts or personal info. Don't use the same password for different accounts. Make your passwords difficult. Believe it or not many people use 'password' or '1234' for a password. And change your passwords often. If you no longer use an account and you can't disable or delete it, go in and change your personal info to fake info. Don't store credit card info on websites or on your computer. Always answer no when prompted to save your credit card info. And never store or save passwords on your cell phone or use an app to do so.

Unfortunately, this sort of thing is the world we live in now with all of our data being out there on the internet just waiting for someone to hack in and steal it. No matter how careful you are, it can happen to anyone.
Title: Re: Credit Breach
Post by: Swiski on March 16, 2019, 05:29:04 AM
Thanks for the advice everybody! No problems so far. I checked my bank and credit record, and everything checks out. Definitely did not pay using Paypal, but in the future I definitely will everywhere I possibly can. I'm also canceling the credit card I used for the order.
Title: Re: Credit Breach
Post by: drono on March 16, 2019, 06:16:54 AM
Also, avoid public wi-fi, especially when making a purchase or accessing accounts or personal info. Don't use the same password for different accounts. Make your passwords difficult. Believe it or not many people use 'password' or '1234' for a password. And change your passwords often. If you no longer use an account and you can't disable or delete it, go in and change your personal info to fake info. Don't store credit card info on websites or on your computer. Always answer no when prompted to save your credit card info. And never store or save passwords on your cell phone or use an app to do so.

Also don't give real answers to your two-factor authentication answers (mother's maiden name, street where I grew up, mascot of my high school) those are too easy to get.  Follow the same rules for password difficulty (at least 10 characters with one upper case,  one number, one special character) and use different ones for different accounts. 

This does make it difficult to keep up with those answers, so you can use a service like LastPass.com (which is free) to keep them.  If you use a service like this, also don't make it obvious what the account is for in case it gets breached.  For example, don't list "Bank of America," list something that you will know but not anyone else like "Red Brick Building on Main."  It's far too easy for cyber criminals to fish out and phish out information on the dark web these days.

Many years ago, I kept my ATM codes in my wallet as phone numbers.  Bank of America was Bill Austin 397-2497, Master Card was Michelle Combs 484-3210.  The first one in the list used the first four numbers of the code (3972), the second in the list used the 2nd through 5th (8432).  It's not foolproof, but I knew how to decode it.  Someone who found or stole my wallet, just thought it was a phone list.
Title: Re: Credit Breach
Post by: vahsurfer on March 17, 2019, 09:55:35 AM
Dennis that is smart, I always had

422-8823 Gold Key
Title: Re: Credit Breach
Post by: g.u.e.s.t. on March 17, 2019, 03:16:40 PM
Also don't give real answers to your two-factor authentication answers (mother's maiden name, street where I grew up, mascot of my high school) those are too easy to get.  Follow the same rules for password difficulty (at least 10 characters with one upper case,  one number, one special character) and use different ones for different accounts. 

This does make it difficult to keep up with those answers, so you can use a service like LastPass.com (which is free) to keep them.  If you use a service like this, also don't make it obvious what the account is for in case it gets breached.  For example, don't list "Bank of America," list something that you will know but not anyone else like "Red Brick Building on Main."  It's far too easy for cyber criminals to fish out and phish out information on the dark web these days.

Many years ago, I kept my ATM codes in my wallet as phone numbers.  Bank of America was Bill Austin 397-2497, Master Card was Michelle Combs 484-3210.  The first one in the list used the first four numbers of the code (3972), the second in the list used the 2nd through 5th (8432).  It's not foolproof, but I knew how to decode it.  Someone who found or stole my wallet, just thought it was a phone list.

All good tips too, thanks!


Title: Re: Credit Breach
Post by: Slaytex99 on March 23, 2019, 07:22:30 PM
With all these "data breaches" (not just Topps) we're all at risk and you should seriously consider freezing your credit with the major agencies.  After freezing, you can always thaw temporarily if you need to use your credit.

http://clark.com/personal-finance-credit/credit-freeze-and-thaw-guide/ (http://clark.com/personal-finance-credit/credit-freeze-and-thaw-guide/)