Tuesday, February 19, 2013

KnitPicks - Data Leak

I normally do try to stay somewhat on topic but I feel it is important to share this information with my readers, especially knowing many of you shop online at the same places I do.

Recently, it was discovered that the Crafts Americana Group, or CAG, accidentally put a file which included buyer data (name, address, credit card numbers) in a location that was not secure. This means the site was not hacked, but if a person with ill intent had been looking in the right place, this file would have been available to them relatively easily. You can read the announcement made by CEO Matt Petkun here: http://www.knitpicks.com/cfBlog/post.cfm/message-from-our-ceo-matt-petkun

That's right - that's a KnitPicks blog link.

CAG includes Knit Picks, Connecting Threads, and Artist's Club. If you made a purchase from any of these three sites in the latter part of 2012, you may be affected.

The file was available in an unsecured location from mid-December until mid-January. According to the post by Mr. Petkun, US residents were mailed a letter if their data was in that file. I have not received anything - but from what I can see, no one has actually come forward and said they received any communication that their data may have been compromised. He does offer to pay for any fees associated with switching your card information, which is nice.

So basically - this is just to make you aware of the situation. You can do the digging to get all the details. There is one blogger who is timelining the whole incident, although I admit I'm not exactly sure why - her blog is here - and it is specifically for this incident. It is not a blog she had before this and I doubt she'll maintain it after this situation is resolved.

I have contacted KnitPicks twice, since I know a purchase was made there in December, asking directly if my information was included in that file. No one has offered to tell me "yes or no" but I will let you know if I ever get an answer from them or a letter in the mail.

If you made any purchases at KnitPicks in the latter part of 2012, you may want to contact your bank or credit card company with this information, letting them know there may be illegal activity on your card or that you want to change your card/account number.

The only reason I'm choosing to post this is because in the circle of blogs I read, I haven't seen anything about it and I wanted to put it out there for people who may be in the same boat as me - not knowing more than there may be an issue I need to prepare for.


kaycie51782 said...

I'm trying to gather all of the information that's available because there is so much misinformation floating around cyberspace. A lot of people are still calling it a hacking, which it was not. You have also made a misstatement. Nowhere in the letter from Mr Petkun does it say KP will cover any charges associated with the fraudulent charges. The letter only says to contact them, not what they are going to do about it.

My goal is specifically information and helping people figure out what to do next. Plus, I was getting tired of posting the same thing over and over again in 4 or 5 different places. :)


Cris said...

My statement is a natural assumption that if he wants to know about these costs, he is willing to do something about it. Otherwise - why would he even care to know? Yes?

Otherwise, I thought it was odd it took CAG so long to post to the public - I can understand making sure things are secure before saying anything to the public, but a month seems a bit excessive.

Sara - momwithahook said...

Wow, scary. Thanks for the heads-up.
