Dear Joe,

This letter is to notify you that our website hosting provider was briefly hacked and the hack potentially exposed credit card information for some System76 orders. Your information has been identified as possibly having been exposed. In particular, it is possible that an unauthorized person may be in possession of your name, address, telephone number, email address, credit card number, expiration date, and card verification number.


System76 does not store any credit card information. The exploit occurred only during the processing of certain orders. We take this security breach seriously, and we deeply regret that this incident has occurred. We have identified the cause of the hack and have taken precautions to ensure that this will not happen again.


Again, we deeply regret this incident and any inconvenience or concern it may cause you.


Carl Richell

President

System76, Inc.

what do you guys think i should do? you think i need to worry about it and go cancel my credit cards or what?

call your bank and have them cancel your current credit/debit cards and have them send you new ones, and change the passwords to everything bank related. Better to go through the hassle now rather then finding out later some guy is maxing out your credit cards and having to deal with that.

also keep an eye on your bank statements for any suspicious purchases while you wait for your bank to deactivate your cards.

+1 for cancelling.

+1 for cancelling.

+2

I wouldn't take any chances at all on something like that.

+2

I wouldn't take any chances at all on something like that.

+3

Better to be safe than sorry.

Hopefully you didn't use the same password for all of your banking-related accounts...

+1 for cancelling.
+2

i wouldn't take any chances at all on something like that.
+3

better to be safe than sorry.



+4

+5 ....... call them up and ask for new cards, tell them about the email you recieved. Most banks will reissue free of charge, because its cheaper to reissue than to give customers credits on stolen credit lines.

Contact the big three credit reporting agencies (TransUnion (http://www.google.com/url?q=http://www.transunion.com/corporate/personal/fraudIdentityTheft/fraudPrevention/securityFreeze.page&ei=loclSqbxAYSUMpL4-LAF&sa=X&oi=smap&resnum=1&ct=result&cd=4&usg=AFQjCNG8aMUPC7o_WoOKo_eRP2MpHf6v0w), Experian (http://www.google.com/url?q=http://www.experian.com/freeze/&ei=m4clSvOzFcGMtgfijdnpBg&sa=X&oi=smap&resnum=1&ct=result&cd=5&usg=AFQjCNHlnToBUUr3CeZ0KAmJy-qqAg7ttQ), and Equifax (http://www.fraudalerts.equifax.com/)) and place Security Alerts on your accounts.

Then, cancel your credit cards, bank cards, etc, and get new ones.

what do you guys think i should do? you think i need to worry about it and go cancel my credit cards or what?

Get a free credit report form each of the three agencies and make sure no one has opened another card in your name. You are entitled, by law, to one a year from each agency. Here:

https://www.annualcreditreport.com/cra/index.jsp

I applaud System76 for stepping up and notifying their customers. Good on them!

Don't freak out, just calmly call your credit card companies and get them cancelled. They should re-issue you a new card with no charge.

I applaud System76 for stepping up and notifying their customers. Good on them!

Don't freak out, just calmly call your credit card companies and get them cancelled. They should re-issue you a new card with no charge.

Actually, if the "CA" in the OP's location is California, System76 didn't have any choice in the matter. California is one of the states that requires disclosure by law. I had to reproduce a bunch of data when one of my co-worker's laptops was stolen several years ago, so that we could notify people in the states that required it.

Of course, System76 might have notified everyone and not just where required. If so, good for them.

Why would he need to change his bank passwords? Looks to me like he should have that one credit card re-issued. In addition, monitor his credit reports.

Why would he need to change his bank passwords? Looks to me like he should have that one credit card re-issued. In addition, monitor his credit reports.

+1

no need to reissue "all" cards. Just any that you have used to process payments with system 76. Really unfortunate that this happened with them. Makes the company look bad and I generally applaud their efforts.

thanks for the advice guys.... i went to the bank directly with that email printed out shortly after i created this thread... got my temp debit/credit card now :) should have a new one with new numbers in a week or two :) (No transactiosn were made that I was not aware of :D)

won't be ordering from them anytime soon...

Why not? Because there are some other sellers out there that are hack-proof? Please let me know which ones are.

no such thing as hack proof, and i didn't claim there were, so drop the accusations, kid.

more robust = dell, newegg, etc.

anymore questions, buddy?

From the e-mail:

~ our website hosting provider was briefly hacked ~

So not really a problem with System 76 per se.

Not necessarily a hacking either, all it takes is for a corrupt worker at the hosting provider to just transfer data to a flash drive, or for someone to lose a laptop.

Could happen to anyone, even MI5 or MI6....

They should tell their hosting provider to switch to Linux.

If they're already running Linux, then they should switch to OpenBSD.

If they're already running OpenBSD, then they should switch to TRS-DOS.

Contact the big three credit reporting agencies (TransUnion (http://www.google.com/url?q=http://www.transunion.com/corporate/personal/fraudIdentityTheft/fraudPrevention/securityFreeze.page&ei=loclSqbxAYSUMpL4-LAF&sa=X&oi=smap&resnum=1&ct=result&cd=4&usg=AFQjCNG8aMUPC7o_WoOKo_eRP2MpHf6v0w), Experian (http://www.google.com/url?q=http://www.experian.com/freeze/&ei=m4clSvOzFcGMtgfijdnpBg&sa=X&oi=smap&resnum=1&ct=result&cd=5&usg=AFQjCNHlnToBUUr3CeZ0KAmJy-qqAg7ttQ), and Equifax (http://www.fraudalerts.equifax.com/)) and place Security Alerts on your accounts.

Then, cancel your credit cards, bank cards, etc, and get new ones.

That's probably an overkill at this point, since the only thing possibly stolen was credit card number, not social security number. You can't open new credit account with a credit card number.

System 76 should also be willing to pay for one year's credit monitoring for you -- it's the right thing to do, and most companies that have had this kind of breach have been willing ot do the same. You should ask them to do this for you.

no such thing as hack proof, and i didn't claim there were, so drop the accusations, kid.

more robust = dell, newegg, etc.

anymore questions, buddy?

Yes but at least they fessed up to the mistake, I doubt you would get the same from companies like Dell.
System 76 has proven its honesty here, so I will be buying from them soon after this is cleared up.

Yes but at least they fessed up to the mistake, I doubt you would get the same from companies like Dell.
System 76 has proven its honesty here, so I will be buying from them soon after this is cleared up.

As I stated earlier, in a long and somewhat rambling fashion, if the OP is a resident of the state of California, then any company is required by law to disclose such a breach. If they "fessed up" to all affected customers, even if not required to, then they deserve praise and patronage. :)