AIM Surplus Security Breach

    BugI02

    Grandmaster
    Rating - 0%
    0   0   0
    Jul 4, 2013
    32,555
    149
    Columbus, OH
    Dear online retailers

    #1 Stop archiving information on your customer base for any longer than necessary, by which I mean longer than the chargeback window of the associated credit card.

    #2 Put some ****ing security on the information you do keep. Encrypt your database; with modern computers the overhead in cost and latency is minimal.

    Sadly, until retailers are themselves financially responsible for the harm caused by low security data (which will feed the class action sharks, unfortunately) there is no 'evolutionary' pressure to change the way they do business.

    IIRC in an early and infamous breach of a debit and credit card database, the TJX breach (T.J. Maxx, Marshalls etc.), the company had data on its customers' accounts going back at least five years. WTF are they doing keeping this much data? If you bought one thing in one affiliated store ever, you were as much at risk as anybody else. Multiply that by the number of companies you do business with via credit card.

    The OPM breach was even worse. If you had a background check they know everything about you needed to steal your identity. If you have a clearance like I do they have that information on your family and even possibly some of your friends.

    I have my data stored on my desktop Mac with far greater security than almost every entity I do business with uses. You can personally follow best practices and be savvy and cautious in how and with whom you do business, and one careless operator can undo it all.

    :ranton:
     

    Thor

    Grandmaster
    Site Supporter
    Rating - 100%
    2   0   0
    Jan 18, 2014
    10,753
    113
    Could be anywhere
    I was a part of the OPM breach...they've probably got my DNA and retinal scans...

    They did also offer some of the free ID protection....all you have to do is log in with the same people who lost your information in the first place and give them everything else...:rolleyes:

    So, let me get this straight, OPM: you lost all my personal information through incompetence and shoddy management and now you want me to give you all my bank account information too? No thanks.
     

    singlesix

    Grandmaster
    Industry Partner
    Rating - 100%
    1   0   0
    May 13, 2008
    7,340
    47
    Indianapolis, In
    Why do people refuse to send their driver's license copy or block out the number when sending them to an FFL? They need that info for their books.

    If I get someone who refuses to give me that info with a gun, guess what? Your **** is coming back COD.

    AIM Customer Service told me to do it this way when I called them about my concerns and questions about security. I only bought Ammo from them.
     

    halfmileharry

    Grandmaster
    Rating - 100%
    65   0   0
    Dec 2, 2010
    11,450
    99
    South of Indy
    It could be the Government is just using another means to track certain groups or people.
    Snowden just might have been on to something.
    Many motives for this type of thing.
    I use only prepaid plastic for any online purchases. Our info is accessible to people with the know-how.
     

    SmileDocHill

    Grandmaster
    Rating - 100%
    61   0   0
    Mar 26, 2009
    6,237
    113
    Westfield
    Wow, I've bought my share of ammo and "stuff" from them as recently as a year ago. I haven't gotten a letter though???? Was it a physical letter (like they used to do in the mail :) ) or an email? If it was a letter it likely got thrown away as junk mail.
     

    Expat

    Pdub
    Site Supporter
    Rating - 100%
    23   0   0
    Feb 27, 2010
    114,011
    113
    Michiana
    Wow, I've bought my share of ammo and "stuff" from them as recently as a year ago. I haven't gotten a letter though???? Was it a physical letter (like they used to do in the mail :) ) or an email? If it was a letter it likely got thrown away as junk mail.
    Physical, paper, letter...
     

    scottka

    Master
    Rating - 100%
    6   0   0
    Jun 28, 2009
    2,111
    38
    SW IN
    Hmmm... Just made my first "ID required" purchase from AIM about a couple weeks ago. I bought an LE trade-in Glock 17 from them. From the letter, it looks like this occurred earlier in the month so maybe my info hasn't been compromised since it was after the system got hacked. I haven't been down to check the mail yet, but we'll see if I have a letter.
     

    Spear Dane

    Grandmaster
    Rating - 100%
    3   0   0
    Sep 4, 2015
    5,119
    113
    Kokomo area
    WTF are they doing keeping this much data.



    :ranton:

    Very easy to answer. Customer data is absolute GOLD to many businesses, especially retailers. There is an entire subspecialty of computer science called database mining. When Bernie grasps reality and gives up, his donor database will fetch BIG bucks as it is considered the most quality donor list out there this cycle. Last year when RadioShack went belly up their customer database sold for $15 million IIRC.
     

    rhino

    Grandmaster
    Rating - 100%
    24   0   0
    Mar 18, 2008
    30,906
    113
    Indiana
    These places that require that much personal info need to purge it immediately after it's no longer needed for the specific purchase. I'd rather them do that and upload my info each time than have it sit like bait.
     

    JollyMon

    Shooter
    Rating - 100%
    2   0   0
    Sep 27, 2012
    3,547
    63
    Westfield, IN
    Got the letter. Never doing business with them again - nor anyone else that requires such information.

    Do you stop doing business with all companies that have data breaches? Guess you don't shop or use Home Depot, JCPenney, Target, Sony, Anthem, eBay, JP Morgan Chase, Tricare, etc.
     

    ljk

    Master
    Rating - 100%
    30   0   0
    May 21, 2013
    2,771
    149
    Never bought ammo from them, probably never will.

    They told me I wasn't part of the data leak, looks like the perps went straight after the I.D. and C&R pictures.
     