Card fraud from a website (SPNUK Creation Ent)

pulliptears

Yes yes, I know how the acronym looks, we laughed about it at the time.
It stands for Supernatural UK, a convention held in May last year for fans of the TV Show.

The con was put on by a company called 'Creation' who organise SPN cons worldwide. Last night a few noticed their cards had been compromised. This morning that figure is up in the hundreds. The only thing we all have in common? Creation Entertainment.

We can say with certainty the breech has come from them. Many of us only used our cards to pay for tickets.
Interestingly when I log in to my creation account it tells me they have no card details saved, but clearly they have as they wouldn't have been compromised.

I am assuming there is little that can be done about this given this is a US company? I don't know a great deal about data protection but clearly they still have our details almost 12 months later. Is this right?

Fortunately I've lost nothing. Nationwide (PRAISE!) realised I wouldn't go on a £500 Hugo Boss bender and cancelled my card before anything was taken, but I'm annoyed that mine, and hundreds of others, information has been compromised in this way.

other than haranguing on Twitter what else can be done?

Bermonia

Not much to be honest... as said you cannot be certain this is where the information came from.

davidmcn

pulliptears wrote: »

other than haranguing on Twitter what else can be done?

Get a replacement card and move on. People who are carrying out largescale card fraud are hardly going to be interested in their data protection responsibilities.

pulliptears

Bermonia wrote: »

Not much to be honest... as said you cannot be certain this is where the information came from.

We can be 100% certain.
A good portion of cards were only used on Creation Website. Of the ever growing number of us worldwide we all have one thing in common. We attended a SPN con through Creation.

pulliptears

davidmcn wrote: »

Get a replacement card and move on. People who are carrying out largescale card fraud are hardly going to be interested in their data protection responsibilities.

Thats the surprising thing, this is a huge company organising huge conventions worldwide. Their current response is 'we're looking into it' followed by radio silence.
Clearly they have saved details when they shouldn't.

But yes, replacement card on it's way.
Hopefully posting here might alert anyone who attended and doesn't use twitter/facebook into checking their bank.

DoaM

Technically this should be in PV&W.

pulliptears

Interestingly, after well over 700 people were affected by this, Creation actually admitted it.

We take the safety and security of our customers very seriously. Since learning of a possible issue with fraudulent credit card charges, we have been working diligently to discover the cause and to update everyone on our progress.
We can now confirm that there was a breach of our system related to transactions that occurred in and prior to October 2018. More detailed notices will be sent to individual cardholders whose information was potentially compromised. We will also be working with law enforcement and credit reporting agencies to bring the responsible individual(s) to justice and to minimize as much as possible the harm to our customers.
There does not appear to be any issue with our new system and we regret any inconvenience this may cause. As additional information becomes available, we will share as much as we can.

They have told lies though, there is no 'new system' it's the same old system, but they have added a 'verified and secured' logo to their website.

Either way, it's done, they held their hands up to it, but for anyone reading this and thinking of booking a Convention with them, I wouldn't recommend it, but if you must use a prepaid visa and make sure you cancel it straight away.