[Closed] CRC security issues?

No voucher here. I have not contacted CRC directly, and do not have my email address on my public STW profile. This would imply that they do not know who's card details were taken, and so I would take the statement "only a small proportion of recent CRC customers were affected." with a pinch of salt.

To add to the thread I bought something, with the voucher around this time, but used PayPal. So as noted by a few already I wasn't affected.

Personally I won't use crc again, I've never used Wiggle since there reported issues, although my LBS will use hotlines so the revenue will head CRC's way, but personally I haven't the confidence in their ecommerce infrastructure, their ability to support and secure it. This is a major breach regardless of how it's spun and we will never truly know the scale.

I got the vouchers two of them both in deleted items. My very first CRC purchase was a nightmare and it seems my last has been too 🙂

Personally I won't use crc again, I've never used Wiggle since there reported issues, although my LBS will use hotlines so the revenue will head CRC's way, but personally I haven't the confidence in their ecommerce infrastructure, their ability to support and secure it.

LOL, what a very very short sighted view that is. Are you happy to use other online retailers even though to your knowledge they haven't been affected? What's to say they wont be affected? What's to say CRC, Wiggle etc.. aren't some of the most secure? Either before or from what they've learnt post incident? You use Singletrack. This place was hacked some time ago & alot of email addresses & log-in details went AWOL.

What's to say CRC is fixed bar a post on a forum?

Your right the others could be attacked too, but in my post I reference LBS and not online.

The STW hack caused me no lost time and email is less sensitive than my credit card and personal details it's not comparing like for like, business that hold cc details need to conform to pci forum owners for email address don't

Ultimately my choice wouldn't let it worry you to much 🙂

Personally I won't use crc again....

I think if you shop on the internet this sort of thing is par for the course. Sure CRC have not handled this particularly well, and they have no doubt learned some very valuable lessons but I'm sure they're now more on the ball with security than some retailers who haven't been hit yet.

All you can do is to be vigilant, use a credit card (or paypal) and not a debit card, and watch your bills like a hawk, which all seems like common sense anyway. Either that or go back to waiting weeks for your LBS to source parts from perhaps the same suppliers and charge you more for them (that's not a dig at LBS's by the way, just a statement of fact).

I feel left out, cleaned out to the tune of £2.5k & no voucher for me 🙁

I need to order some new shoes too (with Paypal now of course!)

Check your spam folder, mine went there. Or just add something to your basket then try your registered email in the voucher box 😉

Tried that, not beein having much luck with CRC recently, lost parcels, wrong stuff sent, replacement stuff never sent, card scammed...

Maybe I should try somewhere else!

Check your spam folder, mine went there...

Thanks for the tip! I just found another voucher in my spam folder to add to the one that went to my work email. 😀

how is everybody getting these vouchers ? how do they know who to give them to ?

how is everybody getting these vouchers ? how do they know who to give them to ?

I sent an email telling them I'd been affected after they posted on here asking people to let them know. After emailing them I even got a personal phone call by Mr Cowan apologising in person for the hassle.

e-mail sent, just wait and see if i'm to late. Need some new shifters though so would certainly be handy

I didnt get done (as I spotted the bikeradar thread early on and posted here)
No £30 voucher
Wouldnt weant one anyway as I just saved over £30 on CRC prices anyway by using Rosebikes in Germany
and it was delivered in 2 days by parcelforce, in sensible sized packaging
Im happy to use CRC via paypal whenever but this opened my eyes to other retailers. The internet bike retail world has not been standing still during CRC's rise to domination
Yes CRC may be cheapest for alot of things still, but not everything, and the hassle of the large packaging for me delays delivery by 3-4 days as I have to get to the main sorting office to collect the parcel

No voucher for me either. Tbh I moaned on here but didn't contact them about it.

Maybe if I take a copy of my statement and email it to them as proof...

well i got the email about the voucer yesterday so thought i'd try it......

£35 order for just £5! & paid through paypal (as i will do for all sites now if its avaliable)

for those who havent had the email or cant find it, have you tried ordering? cos the voucher code is just your email address

Tried buying something off CRC today over the phone,card rejected.
bank rung me straight away saying they had stopped my card 😮 over the card being copied...

Paypal all the way. Be smart people.

So, remind me again would you - is it only people who've bought something in the recent future that have a problem - it's been a month or so since I last bought anything from them, but 've not checked my account for a while, am I going to get a shock?!

Yes coffeeking it's people that bought in the recent future 🙄
In fact people that haven't bought anything yet but might do a week next thursday

I ordered 7th march and got stung the week later. I used both my vouchers I got on Thursday night and my stuff has just arrived 🙂

arrrgghhh...

I was tempted back with the voucher so I ordered some Torq electrolyte tablets. Paid the difference with paypal and they arrived quickly on Saturday 🙂

Just went to use one and the whole box only has one month left on the use before date. 👿

I wont be able to use all 24 in one month, so they will have to go back.

I don't think Torq electrolyte tablets know what the date is, they'll be fiiiine

Yes, your head will explode and kidneys pack up if you use those tablets just one day after their sell by date.

Tried to buy something using paypal but got an error message saying the details couldn't be retreived from Paypal. Emailed CRC regarding this as I got caught once before so not going to use the replacement card on their site at the moment

Noticed over 3000€ on various stuff on my credit card today...

Guess who's just had a fun phone call to Nat West card services? 😉

Was quite comical, the girl reading out a big list of Apple Store (got no Ipad/Ipod/Iphone, and don't want one, ever), multiple times, many declined, £600 for BMI flights (thought it was a budget airline? obviously don't need CC to get boarding pass, hope the plod cuff them at the gate), many £100's at Shoestore or something, many times, enough to keep Imelda Marcos shod for a year, many declined and many reattempted and declined, £1600 at Swiftcover Insurance, many times, repeated amounts same day, ... the list goes on. Total that she read out must have been 2x the credit limit on that card.

All will be refunded, card cancelled, but I think I have to fill in a legal declaration (Didn't need to do that with my brand new Dutch CC that got pwned after 1 hotel and 1 paypal usage).

Cost me 20mins international call too 🙁

Got my statement yesterday... all perfectly fine, nothing abnormal, and ditto when I just checked online! My statement shows *EXACTLY* what I expected to see, so DO NOT rely on checking online, as that may not reflect what has gone through or attempted to go through!!!

Off to write a nice email to CRC now... 👿

They have not solved the problem?

🙄

Received an apology and £30 voucher today from CRC. While it shouldn't happen, sometimes things do go wrong. At least they've owned up and provided some sort of apology, not every company would do that, and a £30 voucher too. Although my next order will be through Paypal!! Like many of you I would guess.

They have not solved the problem?

mine were all from around 9th-16th March, and Nat West just got around to contacting me 🙄

and my statement date was about 1-2 days before my CRC order, so I only just got the next one (showing CRC order).

New credit card arrived today. No sign of any £30 voucher though. 🙁

Contact them Harry, i did and got a phone call and a voucher.

Just got a letter from Egg.. we are blocking your card as part of 'ongoing security activities' 1 week after ordering from CRC... Got a call about activity last week, all of which was mine, so not sure why they continue to think theres an issue unless CRC have divulged all the accounts at risk to the relevant credit card companies.

So a week without a card whilst i wait for a new one to be issued. I hope the refund from CRC gets back into my account!

I'm awaiting 2 refunds at the moment from CRC, 1 from something I returned as it was the wrong size so asked them to refund to paypal - this was on the card that got scammed, not had that yet, but the other item I've just been told it's not in stock, something I purchased with my £30 voucher and paypal, but it's still listed as being in stock, so after a phone call I'm told it's not in stock 🙄 so they are going to refund me, ok ... so I've been sent an email saying I've been refunded, but nothing is showing up from paypal, erm, so where have they paid the money to then? 😕

Just found an '02 Prepay' fraud on my mastercard 3 days after using it for a crc purhase. Thankfully my bank is now processing a refund.

No goodwill voucher after the fraud on my card, but then I didn't report it directly to CRC either.

Currently in a state where if I can buy elsewhere I will. Will only use Paypal with CRC in future.

Just received a phone call from .
Card is cancelled and a new one being issued.
I placed an order last night, being told that it's all sorted.

Trying to deal with this at school is no good!

Email them directly saying you were a victim of fraud after a CRC purchase and you should get your £30 voucher. I did this yesterday and used my voucher today - paying by PayPal of course!

I've phoned them instead,

They told me it's just a coincidence when I havnt used my card in ages! And the deputy manage is going go follow it up with m bank and call me back,

I had 15 mins waiting to even speak to some one and then put on hold for ages!

I woluldjust like some recognition of where the fault is, a voucher doesn't matter at the end of the day, bu I now means I can't order my mums day prezzie or do any thing I need to within 5 days!

No voucher for me, sent them a 'disappointed' email saying my card had been comprimised last Friday. Oh well, ordered my reverb from merlin.

I sent them an e-mail on Tuesday and got a reply this morning with voucher.

I sent them an email last week & got my voucher. One set of park cable cutter on their way to me for £2.99. Balance paid via paypal, natch.

got two emails but the voucher only worked once 😕

Got the voucher (took a couple of days, which is fair enough - I suspect they are snowed under).

Now what shall I spend 30 virtual notes on? When my 2nd new CC of the year arrives of course 😉

don't want to spend just over the 30 else the bank will think it's a tester amount and will block the card again 😉

Now what shall I spend 30 virtual notes on?

I could do with a new jersey?

8)

sorted! made a bank transfer and they re sending it off early !

So is CRC sorted then! who's all buying what ❓

If you scour the BBC there is am article about a very large scale SQL attack affecting hundreds or thousands of sites running Microsoft SQL server. I gather it happens because SQL queries are not filtered which allows rogue instructions to make changes to the database. Typically these change links to payment pages and allow the attacker to intercept your card details. These are then sold on. I wonder if CRC were victims of this same attack?

If There are security experts on here I would be interested to know more about this and how as a consumer to avoid these weaknesses

My ban called me on the 19th january as fraud was noticed in my card and needed to reissue a new card. The call was just after I ordered some things from CRC. I did not know if it was because of this concern with CRC. But If it was I have got no voucher. From reading the tread it sound like it as the card was used to make a payment at newlook. I do not shop there for one thing. Pluse how did the bank know it was fraud on the account?

Oh well, looks like I've joined the list of the ripped off, well my bank has, a couple of 02 prepay payments taken a couple of days ago. Bank are reissuing card. How do I get the CRC voucher?

bank cancelled my debit card this week as well, no news on why but I have my suspicions. All they would say was part of a large scale fraud risk

Well you can add my name to the list too, thought I was OK, but got a call today from barclaycard, about 5 unauthorised transactions today, western union, apple store and a few "streamline purchases" not sure what for. All in about £500 worth. Thanks alot CRC totally pain in the ass being without a card for the next few days

Interesting that other online web retailers do the right thing, and notify their customers when they have a security breach: [url= http://www.bbc.co.uk/news/technology-12983177 ]bbc news[/url]

The company has contacted users of its online service to warn them about the data breach

Shame CRC don't have the guts to do the same.

Me to...

30 to O2 and 20 to vodafone. Co-op bank never picked it up.

Transaction with CRC was 10th March... Keep checking guys.

Just found out my card has been stopped after a loads of attempts to register and take payment including Apple store US, PayPal card registration, Net a Porter womens clothing, £1500 mobile phones and £1500 Royal Mint!

Fortunately all declined but the fraud guy picked up on a transaction from CRC back on 12th March.

Keep checking!

Bought loads of stuff off them and never been given a voucher once.

Got me. O2 top ups and £1000 at a French travel agency.

i've been done. Received my statment at the weekend and they got away with £200 of electrical stuff bought online, and THEN (after) did another $2 on a US site to check the card (on a statement i haven't received yet) No doubt more purchases would have followed. Thing is they usually do the £2 tec check first to see if the cards live so were obviuosly preety confident about the inital details they had. Eamiled CRC 3 days ago and not heard a thing. Surley they shouldn't just ignore my email! Last used CRC in the first week of March. Surely there's more just a small perecntage of customers affected. ( Overall for the yr maybe) .Still waiting to hear from CRC ....

Me too. Fortunately B/Card spotted a couple of very small unauthorised trasactions and put a stop on the card but this was only days after a CRC transaction,

having said all that CRC are usually spot on!

Bumpty bump. I bought from CRC at the end of February and my bank just called me having stopped 3 attempted transactions. Bank of Scotland seem on the ball since no money has actually left my account.

I rarely use this card, so likely to be CRC hole that got me. (Usual caveat that it could have been scammed elsewhere applies).

Be alert folks - I bought stuff a month and a half ago, and the attempted transactions were only this week.

*sigh* So, is the consensus that buying from CRC with anything other than Paypal is to be avoided still?
It would be good to know a proper responsible (i.e. upfront about what they're doing to eliminate risk) line from CRC themselves on here (I'll be dropping them a line anyhow).
Having swapped out my card at the start of this thread, I don't want to compromise another one...

I foolishly used my visa debit card on CRC yesterday thinking that the security issue would have been well sorted by now

Anyone bought anything recently and had problems?

Card got done a couple of days ago 🙁

Don't know if it was CRC related, but I brought stuff from them at the beginning of all these troubles, and thought I had got away with it.

The card only gets used for the weekly supermarket shop, as well as a purchase from wiggle.

Bought some stuff last week and checking online bank account daily. No unusual transactions so far.

Only just heard about this CRC fraud, explains why I had to cancel my card the day before my holiday at end of Feb with associated hassle, it seems I was one of the 'early ones' to be done over. Not heard a peep from CRC, have bought from them since (once or twice on debit card, about 6-8 small orders using Paypal). My bank were originally on-the-ball in detecting the fraud but have been quiet since despite me using CRC again. I'd been VERY careful prior to this incident and only had the account open for five months when this happened. Will be checking my account again with a fine toothcomb later...