Johnny's Selected seed

[Rena]

I feel I have to report I do (did) like Johnny's seed but I recieved a letter from them today it READS
I am contacting you to advise you that an Unauththorized person from outside Johnny's broke into our website and stole our data. WE DISCOVERED the theft on Sunday February 18 2007. Your name address phone number and payment information including your credit card number ending in xxxx, were amoung the records stolen.

I JUST got off the phone with my credit card company and it WAS charged up and we had to close it The letter was dated the 27th. WHY DIDNT THEY call me or write sooner?????

[nctomatoman]

I got the same letter, Rena, but am not done with them yet (anyone who shops at TJMaxx, Marshalls, etc are also at risk, because their system was also hacked the millions of credit cards numbers stolen). My view is that once they discovered this, they had to go through a process to find out what the possibilities were, confirm next steps, etc. I am sure they have many customers, and communication did take some time. Not making excuses, but I don't think that many companies do risk management very well, and are particularly good at reacting to these new types of cybercrime.

[Worth1]

That really stinks, I wonder how many costumers they have and how much information the bandits got away with.
Now I'm glad I never ordered from them.
I'm sure that they had to call or write 1,000s to tell about the break in and that is the reason they got to you when they did.
Sorry to hear about it.

Worth

[shelleybean]

I haven't placed an order with them for about a year and have not received a letter yet. I guess I'd still better check my credit cards.

[elkwc36]

I was involved in a credit card theft with another company and they used email and phone numbers to contact me and others very quickly. I have read the responses left on Dave's watchdog and it appears they were very slow about making any responses. I was thinking about ordering from them but probably never will now. Too many more to order from. Jay

[Rena]

On NO!!! I shop at TJMAX . I cant win. OK Craig, I will call and listen to the excuse and then confirm. I can't help it I really like them................ I love the catalog, It is so helpful.

[Ruth_10]

I got a letter from Johnny's, too. Maybe now that the horse is out of the barn, they'll put a more robust system in place. At least they told us. Some places don't.

[Lee]

Wow Rena, this has not been a good week for you. I hope you can
get this resolved.....

Lee

[Doris]

A week ago a guy from my credit card company called and asked me if I had made a purchase from a certain place. When I said I hadn't, he asked about another place. Again I had not made a purchase there. He told me right out that my credit card was cancelled, was dead, and I should not use it again. He said I would get a new card in a few days, and I got it yesterday. New number, new card.

I think it was great that they caught this on my card. I do imagine the 'purchases' were large and unusual for me. I think they did a great job in stopping it. I will say it was a Discover card, might as well give them credit for handling it.

By the way, I had not purchased from Johnny's Selected Seeds.

...........Doris, NJ

[duajones]

I received the same letter and luckily I lost nothing. I still cancelled the card and it was a bit of a hassle, but I would have to believe that they will respond in a way that would make it more difficult for hackers in the future. I had not purchased from them in awhile, so I didnt understand why my info was still in their system. Learning experience for them, and I believe they will do everything possible to prevent it from happening in the future. Its in their best interest to do so.

[gardenmaniac]

I received the letter too. Luckily nothing had posted yet on my card before I cancelled it.

[Mischka]

I'd hate to see anyone stop supporting Rob Johnston's employee-owned company solely because some scumbag hacker managed to break into his server and steal customer billing data.

Johnny's Selected Seeds has always offered great service and competitive prices.

The sad fact is, as fast as security holes are discovered and patched, determined hackers are working feverishly to find new ones to exploit. There are companies overseas that actually employ net-savvy programmers for the sole purpose of hacking financial institutions and other places where sensitive financial data is processed and stored.

It's a multi-billion dollar black market business.

There's also a catch-22 situation when it comes to publicly announcing that you've been hacked. Not only do you risk alienating customers and future sales, you also draw attention to your company from the many hacker groups out there. These groups take a perverted pride in competing with each other to be the first to break into a company's data network AFTER the company has acknowledged a breach, just to gain "street credibility" for their hacking skills.

I'm not making excuses for Johnny's, TJX, CitiGroup or any other company that has had their data stolen. I just want you to know that the odds are stacked in favor of the scumbags...and not the honest companies and individuals out there. Please keep this in mind before you decide to punish them further by taking your business elsewhere.

[Lee]

I suspect the best way to avoid this problem for most companies, is not security, but to not keep the data in the first place.
For future transactions, their system should delete the credit card information once
payment has been secured.
No credit information on site, no chance of any hacker getting the data....

Lee

[duajones]

agreed Lee and I will do business with them again Mischka

[gardenmaniac]

I certainly will do business with them again. They are a great company.

I'm just glad they notified us. It also happened to my credit union last year and my Federal credit card through Bank of America the year before that also the Florida State University personnel system. I guess I'm getting used to these letters...

Tiffanie