I received this email Saturday and today I got a call from the Chase Fraud department telling me that I have 3 charges totalling over 1300 bucks from on-line stores in Europe. I'm wondering why ESS keeps the credit card information of customers?????? I'm pissed :mad:

I would call and cancel your credit cards if you have purchased anything from ESS.

Dear Valued Customer,

It is with regret that I am writing to inform you that the servers hosting ESS’ website have suffered a security breach. It appears to be one of many recent criminal attacks engineered by highly-sophisticated hackers targeting successful internet companies around the globe.

This breach was identified within the last 48 hours. We resolved the issue immediately and are reaching out as quickly as possible to those that may have been affected to proactively help avert potential problems.

Customer details including credit card information used during online business transactions with www.esseyepro.com are likely to have been compromised. ESS encourages you to carefully review the account activity for the credit card you used at our web store, and we recommend that you notify your credit card company about the security breach.

Importantly, the ESS web store is protected with a very high level of security and encryption (HTTPS connection with a validated 256-bit SSL certificate), and the servers are safeguarded with industry-standard firewalls, security and monitoring. But the unfortunate fact is that highly-sophisticated hackers are sometimes successful. A 2010 article from eSecurity Planet indicates that 67% of large companies reported at least one successful intrusion in that year. [1] Other sources indicate that fewer than 10% of companies share the news of the breach with their customers. At ESS, the choice is simple – we care about our customers, and are thus informing you as soon as possible.

Be assured that ESS is undertaking every possible effort to prevent such an occurrence from happening again. Since discovering the security breach, ESS’ webmasters have taken the necessary measures to ensure that the security of our servers and data are restored.

With our sincerest apologies and deepest appreciation,

Steve Dondero
ESS Vice President of IT

PS—You may contact me directly with any further questions.

I'm wondering why ESS keeps the credit card information of customers??????

Exactly.


I'm pissed

And you should be.

There is absolutely no reason to keep CC information on file. Moreover, if keeping CC information is standard policy for ESS, there should be a disclaimer prior to placing an order. Bad form.

For the record, I am a web application developer as well as founder of Gear Sector and I can tell you with 100% confidence that we NEVER store customer CC information. The minute an order goes from pending to approved, all CC information is automatically deleted from our servers.

This same thing happened with TAD GEAR a year or two back. I had to cancel my CC.

Jason,

I deal with many online vendors including you and have never had an issue with something like this.

I honestly am shocked that this happened....especially when Chase called and asked if I made a 832.05 purchase from the University of Liverpool Laureate On-Line and 292.56 from Kenneth Cole and 95 dollars from E-Fashion Solutions.

At least Chase Fraud department has my back but this is going to seriously put the red flag up whenever I but 1000's of rounds of ammo from Palmetto or a new Aimpoint or NightForce scope from LaRue or another on-line retailer.

My MC Chase card account was closed and letter have to be sent to the 3 credit bureaus and a new account needs to be opened and the good credit history needs to be transfered to that account so my credits doesn't take a ding. All of faudulant charges were removed so I'm not on the hook.

I hope everyone that has purchased from ESS contacts their CC Company and gives them a heads up.

More companies than you wanna believe save CC info. It's your call whether to make an order with a company or not as the customer. Make sure to always read to fine print if this bothers you. If you've got a good bank (I use Chase and USAA), they will take care of you regardless.

Getting pissed at ESS is kinda dumb. They were the victim just as much as you. They did the right thing by sending out an email letting their customers know what happened. I got hit twice a few years ago when the same thing happened to another vendor a couple times, and while they did the right thing, I never got any kinds of heads up until checking my balance online. In my opinion, blaming ESS is like saying a victim getting raped is their fault.

I guess I'll go back and check to see if they publically display that they are storing credit card numbers with the expiration DATES and security codes so if they are HACKED the Hackers can commit fraudulant purchases.... comparing this to someone being rapped ??? What a Tool


I should say thank you to ESS ?? I don't think so their buddy