This worries me a little bit...

quote:<HR>
Dear Customer,

Egghead.com has discovered that a hacker has accessed our computer
systems, potentially including our customer databases. While there
is no indication that any customer information has been compromised,
as a precautionary measure, we have taken immediate steps to protect
you by contacting the credit card companies with whom we work. They
are in the process of alerting card issuers and banks so that they
can take the necessary steps to ensure the security of cardholders
who may be affected.

We wish to underscore that we have taken these steps as precautions.
We have no information at this time to suggest that any credit card
information has been compromised. We are investigating this possibility,
and we are doing everything we can to proactively protect you. If you
would like further information, you may wish to contact the issuer of
your credit card to determine what steps they are taking. We regret any
inconvenience this may cause you.

We issued a press release on this matter earlier today. It is appended
below this message. If you have additional questions, please call our
customer service team at 1-800-EGGHEAD (344-4323).

Respectfully,

Jeff Sheahan
President & CEO
Egghead.com, Inc.
<HR>

Here's the press release:

quote:<HR>
Press Release:

Contact:
Joanne Hartzell
Egghead.com, Inc (650) 470-2713
John Stodder, Shoreen Maghame
Edelman Worldwide, (323) 857-9100


Egghead.com Investigates Breach of Company Computer Systems
Company Undertakes Immediate Precautionary Measures
MENLO PARK, Calif., December 22, 2000 - Egghead.com ®, Inc. (Nasdaq:
EGGS), released the following statement today:
“Egghead.com has discovered that a hacker has accessed our computer
systems, potentially including customer databases. As a precautionary
measure, we have taken immediate steps to protect our customers by
contacting the credit card companies we work with. They are in the
process of alerting card issuers and banks so that they can take the
necessary steps to ensure the security of cardholders who may be affected.

“Simultaneously, we have retained the world’s leading computer security
experts to conduct a thorough investigation of our security procedures
and an analysis of this breach. We are also working with law enforcement
authorities, who are in the process of conducting a criminal investigation.

“For many months, we have been in the process of strengthening our security
systems in an effort to combat the increasing, industry-wide problem of
malicious hacking. We are committed to providing the highest security
standards in the industry, a process that has been ongoing and has
involved a considerable investment on the part of our company. Those
principles will continue to guide us going forward.”

About Egghead.com: Egghead.com is a leading Internet direct marketer of
technology and related products. With an emphasis on Small- to Medium-sized
Business (SMB) customers, Egghead.com offers a wide range of products from
computer hardware and software, consumer electronics and office products,
to sporting goods and vacation packages. Its Clearance, After Work and
Auction formats offer bargains on excess and closeout goods and services.
Egghead.com combines broad selection, low prices, and excellent service
to provide an outstanding online shopping experience for businesses and
consumers. Egghead.com is located on the Internet at http://www.egghead.com

This press release contains forward-looking statements that involve
risks and uncertainties, including but not limited to statements relating
to steps taken to protect our customers. These forward-looking statements
are based on information available to the company at the time of this
release and we assume no obligation to update any such forward-looking
statements. The statements in this release are not guarantees of future
performance. Actual results could differ materially from current expectations
as a result of numerous factors. For example, our ability to protect our
customers from potential misuse of private information is limited, and the
impact of compromised computed security on our business is unpredictable.
Other risks and uncertainties associated with the business are detailed in
our most recent Forms 10-K and 10-Q which are on file with the SEC and
available through www.sec.gov

Shoreen Maghame
Edelman Worldwide
(323) 857-9100 ext. 231
e-mail: [email protected]
<HR>

I just got the e-mail. Sigh. Once a customer's credit card has been charged, and a reasonable period has passed to allow for returns, there's just no justifiable reason for any company to keep a customer's credit card number.

There's just no reason to take a chance on Egghead again after something like this, even if the information wasn't comromised.

I'm getting tired of this crap... I really wish that companies would seal this information (at least where it can be retrieved in massive quantities of card #'s) more securely. It's like going up to a bank and having the front where the tellers sit all fortified with stone walls and alarms and then the back vault being in a wood shack with a small padlock that people can break in and get the real goods.

I just got this email too, and if my card has to get canceled, that will be the third time in a little over a year (CDUniverse, Ken Crane's (I think), and now Egghead).

I'm in the middle of dot-com business myself and am feeling the drastic effects of the stock market fallout that I think is overreactionary at the moment, but damn it, these companies who have online transactions with CC's have to think of themselves as banks, and not "out-source" or make secondary their security. That's one thing that web sites do have control over that can kill them if they don't do it right. When one or two drop their guard, it affects all of them when the consumer gets soured on ecommerce!

Is anyone "saving" their CC# for future use on any of these sites any more? When given a choice, I certainly am not!

------------------
- DVDealer

I just got this message also. I was also impacted by the CDUniverse incident and it
is most definitely shaking my faith in internet shopping.

One of the worst offenders must be buy.com with their policy of keeping all credit cards ever used on their system in some database in order to "protect" their new customer coupons.

The problem that arises is that the generic CSR cannot and their supervisor will not delete your credit card information even after spending a protracted amount of time on the phone with them.

Perhaps American Express with their unique, one time generated card numbers for online use will be the wave of the future.

If I were a hacker I'd certainly be looking at buy.com as a big juicy snack.

How you remove the information off the site! I changed as much as I could, but how do you get the information like order status off the site permently.

I got one. Ya it tee'd me off so much I went to VISA.COM and AMERICANEXPRESS.COM. I heard or read somewhere that with there new technology that WITH every transaction a user will get a unique credit card number.

But, unfortunately these sites are not easy to navigate or to find the information.

I guess, I'll have to cancel my card and get a newone the old fassioned way. Jeez!

-Taco

quote:<HR>Originally posted by Lurker1999:
One of the worst offenders must be buy.com with their policy of keeping all credit cards ever used on their system in some database in order to "protect" their new customer coupons.

The problem that arises is that the generic CSR cannot and their supervisor will not delete your credit card information even after spending a protracted amount of time on the phone with them.

Perhaps American Express with their unique, one time generated card numbers for online use will be the wave of the future.

If I were a hacker I'd certainly be looking at buy.com as a big juicy snack.<HR>

The problem is not that they keep your credit card #, as almost every internet company that lets you keep an account with them will have this. What this comes down to is where the information is kept. If you do not keep all your data in the same servers you can do a better job of protecting your data (ie, seperate web, mail and database servers). It seems that buy.com does run a very secure business, and their necessity of keeping their records of coupon use seems to be a fair practice being that there is a great deal of coupon abuse that goes on.

The CC numbers should be stored in the
database as encrypted data, so even
if some hacker were to retrieve thousands of
rows of data, it would be useless.

These dot-coms are all clueless...

I'll give egghead.com credit though, they at
least proactively notified their
customers that something may be afoot, and
to keep an eye out. cduniverse didn't tell
anyone for weeks after they knew positively
there was a serious problem.

I too got trumped via egghead. And though I suspect most web sites that think themselves secure are not, I am still starting to have doubts about ecommerce as it stands. That said, for those of you who wish to delete cc data held by all those dot coms you did business with, IT'S EASY! Just do what I *had* to do - cancel the card(s) and get them reissued with new numbers. Tada. This time around I am going to be very choosy with whom I send my cc info to(heck all the really good coupons/sites are gone anyway)

-coco

Well, I watch my online statement pretty closely anyway. I think i'm going to hold off on canceling and only do so if I ever get an unauthorized charge. No point going to the trouble of getting a new card if I don't have to.

Sigh... I just got a call from my credit union saying my old card had to be cancelled because of the Egghead fiasco.

Changing my pre-orders at Amazon.com was a breeze but when I called Buy.com they said they can't change the CC information on pre-orders. Since my old card was already authorized, the DVD will ship anyway, HAH!

------------------
"Tear it up! Tear it up! Tear it up!"
My DVD List