[Debbie Cleek]

Many of you may have noticed recent posts on the Forum related to Scrap Girls customers who have had fraudulent charges on their credit cards. I want let you to know that I am aware of these posts but have been working through all the proper channels before addressing these comments publicly. Your security is of utmost importance and I wanted to make sure a thorough investigation and fix was in place before anything else.

Today I sent out an email letter to many of our customers letting them know that the internet server at Modular Merchant, where our storefront is housed, was targeted by an aggressive hacker this summer and this person was able to obtain some of our customers credit card information. We have learned that the threat occurred between the dates of July 25th, 2012 and September 4th, 2012 and we have contacted all the customers that may have been affected. We believe that this hacker obtained the credit card numbers during the period of the breach, but may have held on to them and is now using them for transactions. If for some reason you did not receive an email today and think you should have, please let me know right away. If you did place an order during this time we want to help you communicate with your credit card companies to insure your information is safe.

The very most important thing I want you know is as a result of this breach and our recent storefront upgrade our site is more secure then it ever has been before. Though we have always taken every security precaution available, our servers are now under heightened protection. We are also actively involved in a criminal investigation with the FBI to catch and prosecute the hacker. Thanks to the vigilance and actions of our customers and security provider we hope to help law enforcement put this criminal behind bars.

I want you to know that it has been very difficult to not immediately answer these posts and tell you that I am doing everything in my means to make sure your information is safe. But I wanted to make sure that the problem had been completely resolved, and I had all the information available to me to be able to assure you that things are 100% secure. Now that this information is public I want to answer any questions you may have.

If you have any questions or comments, or want to know any specifics about what Scrap Girls does to protect your personal information feel free to post them here and I will try my very best to answer them. If your question is more personal in nature, please do not hesitate to send me a PM.

Your security and your trust couldn’t be more important to us. Many, many people depend on that trust and the orders that you make to support their families. I truly apologize for any concern or inconvenience this has caused. My own credit card had fraudulent charges on it and I had to cancel with the bank and wait days for a new one to arrive, so I know what a headache this is. I want to do everything I can to have you feel safe and valued when you shop, share and participate at Scrap Girls. You have all been so supportive of this company, and so welcoming to me as it’s new leader and I hope that we can continue to support each other through this temporary turmoil.

[CRS]

It's good to know that everyone is working behind the scenes to catch the hacker! In my case, someone stole my dh's credit card and debit card, so I know it wasn't related to Scrap Girls!

[BarbaraC1977]

Thank you for contacting us proactively, Debbie. Scrap Girls remains the BEST!

One side question, if we pay via PayPal, does this breach involve that method as well? Thanks in advance.

[Debbie Cleek]

No Barbara - No one who uses Pay Pal was affected. It was only customers that checked out using a credit card during the period of the breach.

[Ro]

It's a very difficult situation and you've handled it extremely professionally, Debbie. I know how hard you've been working to manage everything properly because the safety and security of our customers has always been a top priority at Scrap Girls.

I'm so proud of you right now. If I were with you, I'd give you a great big hug and a lot of dark chocolate.

[CreativeSparkle]

I am really grateful that I work with a company that is willing to come forward and publicly alert their customers of this serious security issue even though it is possible that there will be a loss of customers. I know personally that Debbie has been working really hard to make sure everything was taken care of in the proper way and as quickly as possible. I feel confident that with the additional measures that have been put in place our information is secure and I plan to keep buying the Scrap Girls products I love.

I agree with Ro you deserve a big, warm, fuzzy hug and some chocolate!

[misseswojo]

Debbie,

I just happened to come across this posting this evening. I haven't received any emails. I had to cancel my credit card that I use for ScrapGirls because of fraudulent charges. I can view my accounts online and I am always checking them, just keeping an eye out. Well yesterday I noticed the charges, called, and canceled the card right away. Now I was able to call my bank today and they were nice enough to give me all the new credit card information (without having received the new cards yet) to use for the various items that automatically get charged to my account each month. So I am able to go and make these changes. For instance, I had to change the information for the Scrapgirls Clubs that automatically bill this particular credit card. I do hope that this doesn't happen again with my new credit card, given the fact that I haven't even received the actual card yet in the mail. Now I do also have I believe 2 other credit cards on file, one actually being a debt card. I am now concerned about this one especially because that is our real money.
I guess my biggest concern now is if they had gotten our credit card/debt card information previously, do we have to start or still worry that they will use this information now. Again, the one other credit card that has been on file with SG is not as of a concern because they credit card companies will remove the charges and issue new cards. However, the debt card is a different story. That is cash money and I don't know that these banks will actually put the money back into our accounts, etc..Sorry if I am sounding paranoid.

This post has been edited by misseswojo: 27 September 2012 - 07:41 PM

[countrydi]

I used to work as a Fraud Specialist in a huge credit card company just a few short years ago before I became disabled so I know firsthand what you have been dealing with Debbie. You have done and are doing everything possible to protect us, that is very obvious. I admire you for that Debbie. Thank you so much. You will not lose my trust or business because ScrapGirls ROCK!

[A-M]

Thankyou Debbie for sharing all that information with us.

I always, when I can, use Paypal as I know it is very secure. Also as a precaution with my paypal account I use a completely different email address to the one I use on forums and emailing friends etc. With doing this I was able to spot a scammer who sent a false message from paypal through one of my email accounts not on my paypal account.

[misseswojo]

misseswojo, on 27 September 2012 - 07:32 PM, said:

Debbie,

I just happened to come across this posting this evening. I haven't received any emails. I had to cancel my credit card that I use for ScrapGirls because of fraudulent charges. I can view my accounts online and I am always checking them, just keeping an eye out. Well yesterday I noticed the charges, called, and canceled the card right away. Now I was able to call my bank today and they were nice enough to give me all the new credit card information (without having received the new cards yet) to use for the various items that automatically get charged to my account each month. So I am able to go and make these changes. For instance, I had to change the information for the Scrapgirls Clubs that automatically bill this particular credit card. I do hope that this doesn't happen again with my new credit card, given the fact that I haven't even received the actual card yet in the mail. Now I do also have I believe 2 other credit cards on file, one actually being a debt card. I am now concerned about this one especially because that is our real money.
I guess my biggest concern now is if they had gotten our credit card/debt card information previously, do we have to start or still worry that they will use this information now. Again, the one other credit card that has been on file with SG is not as of a concern because they credit card companies will remove the charges and issue new cards. However, the debt card is a different story. That is cash money and I don't know that these banks will actually put the money back into our accounts, etc..Sorry if I am sounding paranoid.

Okay, I did receive your email, just checked again. Thanks

[SarahBat]

Debbie, I appreciate everything you and Modular Merchant have, and are doing, to keep us safe and secure. I'm pleased to know that the FBI is on it. Praying this bad guy gets caught.

[Westina]

Debbie Cleek, on 27 September 2012 - 07:06 PM, said:

No Barbara - No one who uses Pay Pal was affected. It was only customers that checked out using a credit card during the period of the breach.

Hello Debbie - I normally use Pay Pal to check out for Boutique orders. However I believe my credit card number, expiration date and csv code is on file with ScrapGirls and is used to process my Club purchases on the 15th and 1st. For the club renewals during the time in question, do I need to be concerned?

[Debbie Cleek]

Hi Tina - If you have your card on file with us for club orders generally those are processed manually by Angie. Believe it or not, she wakes up very early in the morning on the 1st and 15th of every month and manually hits "send" on your club order. So if you have your credit card on file with us for your club orders all of your information is secure because it did not go through the same channel that other transactions are processed through, which is where the hacker imbedded their script.

[Cheri T]

Debbie, I so appreciate your commitment to the safety of all of our private credit information and your doggedness at "doing this right" with making sure you had all the facts, set the right law enforcement on the problem, and worked with Modular Merchant to correct the issues to make shopping at SG safer and more secure than ever. Thank you for all your hard work behind the scenes (and in front of them now with this post) on this matter.

To everyone affected by the breach, I am so sorry you are dealing with these hassles. May you feel comforted knowing that the staff here at SG cares very much about you, your private info, and your time. I hope your issues are resolved quickly with your credit card companies. After all, we need to get down to the "business" of our wonderful hobby that brought us all together here at SG to begin with! *hugs* and prayers to you all.

As for me, I refuse to allow the "bad guys" to get me down. I am going to continue supporting SG, who, along with the company that runs the store software, are doing all they can to resolve the issues and have already stepped up security measures to the highest abilities possible. And most of all, I'm going to continue scrapbooking, because it makes me happy:)

[Syndee]

Debbie, I have to echo what others have said - you have handled this with care and with our wonderful Scrap Girls customers best interests at heart! I appreciate all you have done and are doing! And to all our lovely Scrap Girls I want you to know how much I appreciate each and every one of you - you truly brighten my day every time I check in on the forum or get a PM from one of you or see your wonderful layouts in the gallery! Thank you for being you!

[princessrunningfingers]

Apparently I was one of the members whose card info was stolen, as I have had charges on three different visa numbers after using them at SG. I just want to say thank you for checking into this and taking care of it. I am a very loyal member of Scrap Girls and will continue to be one. Thanks again for solving this problem.

[Jo Corne]

thank you Debbie for being so honest and forthright with this information. I know how very very very hard you have been working to get this issue resolved and am so very very VERY proud to call myself a ScrapGirl.
I thank all of our customers too, for whom we care for so very much. What a pleasure it is to come here and 'see' all your friendly and kind faces, to hear about your lives, your ups, your downs and to feel so much a part of a community from all over the world.
I have made one of my very dearest friends right here at SG and we even finally met face to face in July. So hang in there with us, we do care deeply for you and are so grateful to our fearless leader Debbie for all she is doing in making SG and those who live in her 'walls' as safe and sound as possible.

We have so many wonderful things coming up in the future and so very much want for you all to be a big part of our fun and creativity.


onwards and upwards!!

[Smiles]

This is not the first time I've received a letter that there has been a breach of security and my credit card information may have been compromised (it has actually happened to at least one US Government database). This was by far the most thorough and helpful explanation of what happened and most detailed information on what we are to do about it. My hat is off to Debbie and Modular Merchants for the professional and customer-service oriented way this has been handled. Thank you!

[cyndals]

Thank you for all your hard work in getting this situation resolved, Debbie! You have handled this matter so thoroughly and professionally and I appreciate you being so straightforward with this information. Your hard work has allowed us to feel safe and secure again and we are lucky to have you at the helm!
SG and this amazing community means the world to me and brings me so much joy. I'm happy to be surrounded by such wonderful and creative people everyday

[lorac]

Thank you Debbie for all that you, your team, and Modular are doing and have done during this trying time. I use PayPal, and have been using it for about 10 years ever since I started selling on eBay. I trust PayPal and I use it whenever I'm on line instead of my credit/debit card. I will continue to be a Scrap Girl as I love this purple place and everyone here. Thank you all again for all that you have done.

[ValerieT]

I echo what Gayle said. You have given us the most in depth information about what happened and what you are doing. Thank you. I always new Scrap Girls had the best costumer service, but this just proves it.

[englishrose]

Debbie - I am so grateful to you for the professional manner with which you have dealt with this problem. It is so refreshing to experience such honesty in a world of cover-ups and denials.

I am pretty certain that I have been affected by this breach in security and will email you separately with the details. Please be assured that my loyalty to Scrap Girls is unaltered! You are the best!

[Kate Davis]

Debbie,

Thank you for the information. Both my credit cards were compromised (maybe I should really be blaming the retirement sale) so I had a good idea the problem originated here because this is the only site I had used both of them. I was going to get in touch and ask if you knew of any issues, but you have been so pro active you beat me to it. It is very much appreciated.

Both my card companies identified the fraudulent payments very quickly and sent out new cards. As you have details about how the fraud happened do you know if I should be passing this on to them for their information or so they can input into the investigation?

Thank you again

[jode2771]

Thank you Debbie for being so honest and forthright about this... the way you have handled this and been so upfront whilst it must have been so hard for you to keep it quiet until you had answers is admirable. I think you are doing a wonderful job, after all, we all like to be 'kept in the loop'. To have this happen so soon into your leadership and to see how you tackled it shows us we are lucky to have you.

To those affected I know it is a pain but I rest easier knowing that it is being dealt with and handled by the FBI and that our purple place has the best security available.

As for remaining faithful to SG, I have a little inkling of what is coming soon and I will be staying put!! There are lots of fun things coming...!!!
I am just off now to empty my cart and start downloading... there is a brush there I can't wait to download and get started with!!

Thanks again Debbie and Angie, you have handled this in the most professional manner.

[scrappyjan]

Thankyou, Debbie, for your honesty and professionalism over this glitch. This is such a great community to be a part of, and all of our customers can rest assured that you and your team have done, and will continue to do, everything possible to ensure that each and every one of them are safe, secure and appreciated.
I fully empathise with those of you who have been affected by this breach, and hope you will very quickly get things sorted with your credit card companies. A few years ago we discovered that my husband's card had been compromised when the bank phoned us to enquire about several transactions that had been made in the red light district of Amsterdam!! LOL!
As for the hacker, as my old Irish Granny used to say:
"May the curse of Mary Malone and her nine blind illegitimate children chase you so far over the Hills of Damnation that the Lord himself can't find you with a telescope"
ROCK ON SCRAPGIRLS!!!!

[Sara Arell]

I just have to echo everything everyone else has said. I appreciate the manner in which you've handled this breach, Debbie and plan to always remain a loyal member of Scrap Girls! I feel so fortunate to be a part of a business who actually cares this much about their customers - thank you for letting us know!

[elibar]

These days, I see so many companies point fingers, downplay the issue, or worse, try to hide things a when things like this happen. This kind of behavior only breeds mistrust. One of the things I always tell my kids (and myself) when something goes wrong is, "It might not be your fault, but it's your responsibility."

I'm so proud to be part of a company with this same value! While the breach is not the fault of Scrap Girls, Scrap Girls is taking responsibility and being up-front about it. It's really important for all of us that this remain a safe and secure place to shop, and that the customers feel safe.

This is not just a company, it's a community, with all of us working together. And when we do, we all benefit. Thank you Debbie, for working so hard to keep it that way!

[Sara Arell]

elibar, on 28 September 2012 - 06:14 AM, said:

These days, I see so many companies point fingers, downplay the issue, or worse, try to hide things a when things like this happen. This kind of behavior only breeds mistrust. One of the things I always tell my kids (and myself) when something goes wrong is, "It might not be your fault, but it's your responsibility."

I'm so proud to be part of a company with this same value! While the breach is not the fault of Scrap Girls, Scrap Girls is taking responsibility and being up-front about it. It's really important for all of us that this remain a safe and secure place to shop, and that the customers feel safe.

This is not just a company, it's a community, with all of us working together. And when we do, we all benefit. Thank you Debbie, for working so hard to keep it that way!

Very well said, Elisha. I just heard on this morning's news that there is a worldwide security breach of several credit card companies - overseas involved, and I got an email from our bank about a security breach as well for cc customers, so I think it's a lot more wide-spread than just Scrap Girls.

[anemone1983]

Debbie,

Thank you for letting us know and handling this so professionally. It’s something we all have to live with and watch for – having access to accounts on line makes it easier and quicker to find these charges, rather than waiting for a paper bill to arrive. I had some fraudulent charges on my Amex in early August. This has happened before with DH’s and my Amex cards, so I thought nothing of working with Amex, they’re very good about removing charges and investigating and sending new cards overnight.

I know SG does everything possible to keep our information safe, but they have to work with other companies to process all of this information, so they’re dependent on those companies to be just as safety conscious. Thanks again for being up-front and letting us know what’s happened and what’s being done and can be done to move on from here!

[kimmybutton]

Syndee, on 27 September 2012 - 09:45 PM, said:

Debbie, I have to echo what others have said - you have handled this with care and with our wonderful Scrap Girls customers best interests at heart! I appreciate all you have done and are doing! And to all our lovely Scrap Girls I want you to know how much I appreciate each and every one of you - you truly brighten my day every time I check in on the forum or get a PM from one of you or see your wonderful layouts in the gallery! Thank you for being you!

DITTO to what Syndee said! I don't think I could say it any better. (Love all my SG friends!!! )

And, Jan ... ROFLMBO! I love your old, Irish granny! Look out, bad guys ... we're out to get you!!