There has been a lot of talk on other forums about people getting fraudulent charges on their credit cards after ordering from BRS.

I just thought I would make everyone aware of this.

Yikes! I just ordered from them. I wish I had seen this first. Do you know how people were ordering? Online or over the phone?

I’ll have to keep an eye on my credit card now…

it appears that they were online orders. Some said they used paypal and didnt get hit. The one that were hit (that i read about) used their credit cards on their site.

Thanks for the heads up!

I’ve been using PayPal for a while now; it’s just another layer of security.

I also use PayPal a lot to. And if I need to use a card I use a credit card instead of a debit card. If I am going to get hit I would rather it be credit and not coming out of my personal checking account

I got scared off of PayPal years ago when they started freezing people’s bank accounts if there was a dispute on eBay.

Paypal cannot freeze a bank account. They can freeze a Paypal account, choose not to forward the funds to your bank account, but they cannot actually freeze the account at your bank. Only the government can do that, and then only certain branches and divisions of the government.

It is important however to make sure when you’re funding Paypal that you’re using a card and not an ACH transaction. If something happens and you have a dispute, your liability for fraud through your bank is significantly lower for a card transaction than an ACH transaction.

You are certainly correct and I should have been clearer. There were quite a number of cases where Paypal froze large chunks of money in people’s bank accounts while they handled disputes. They don’t actually take it, but they put a hold on the funds.

I have orders from brs during this trouble and had no issues to date.

Rumors were true…

Great. I ordered from them for the first time during this time period…

Actually, I just double checked and I signed up for the website and placed my order on Jan 27th.

The article says the virus was discovered on Jan 21st and a fix was in place one day later.

The article also says customers who logged on up to Jan 30th may have been impacted.

Why would anyone who logged in after January 22nd have been impacted? I’m not sure if I’m in the clear or not on this?

Well here is some banking insider perspective.

Fortunately there is minimal personal data that they could have stolen, so your identity is likely safe. Your credit card on the other hand MAY have been compromised. Contact your credit card provider and make them aware you were part of the data breach (they will already be aware of it). They may choose to reissue your credit card or place it in a fraud watch queue.

The important thing is to be diligent in checking your bills over the next year or 2. Often times the thieves will get access to credit card info and not do anything with them for a while. They wait for the fraud alerts to expire and then sell them / use them.

The reason BRS is saying they installed a fix on 1/22 but customers logging in through 1/30 may be affected is they probably just don’t know. They installed a fix, but probably found another possible intrusion point afterwards that wasn’t patched until the 30th - they don’t know if the additional intrusion point was compromised or not, so they post the secondary date as a warning to all to be wary.