Panthers007

I ordered, before all this transpired, a large can of Finish Line dry-lube from Nashbar. Some time went by, then the box arrived. In it was a Vittoria 20 X 1 1/8 - 1 1/4" inner-tube. On the box was a Nashbar stock sticker: Finish Line Dry Lube it says.

I called them up and told them what happened. The woman said: "I don't know what they're doing in the warehouse." I told her it must be a lot of booze. She graciously allowed me to keep the inner-tube and promised to dispatch a can of the Finish Line. It took a month to arrive...

I'm still carrying that inner-tube around - looking for a bicycle that it would fit. No such luck. My plan is to give it away.

prathmann

If the tube is correctly labeled it would fit a bike with 451 x 28 to 451 x 32 tires. These are used on some Bike Friday models (incl. mine) and quite a few recumbents.

Lurker1999

Vote with your feet and stop shopping with them.

nivekdodge

https://www.bicycleretailer.com/news/...tail/2947.html

wahoonc

Yes we reached out to them...I sent a letter letting them know of the breach when my card was fraudulently charge in March. I received no response of any kind. AFAIAC I won't spend money with them again. Their customer service has been getting worse over the years.

Aaron

Panthers007

When a dog pees on the rug (or worse), do you reward the dog with a doggie-treat?

tellyho

Just got my letter. I'm pretty sure my info was nabbed twice through their system. Have ordered since then without compromised card. I'm glad they're finally owning up to it. I'll probably use the coupon and continue ordering from them, as they're the cheapest game around.

bababooey

I got my letter today also. Back in Jan. someone got into my debt card and rang up $300 worth of stuff. In Dec. I ordered some sunglasses and a jersey from Nashbar. I saw this thread a month ago and put two and two together. Now with this letter, it confirms it.

baldsue

I got my letter today. My guess is they're sending them out by state since my letter had state specific info about laws.

The letter was lame and much too late. Nashbar and Performance will never again get my business. They're 30% off discount is lame. They take no blame and the apology is on the very last line of the letter. The apology should have been the second line of the letter, the first being notification of the breach. And the letter should have been sent at least 3-4 months ago.

The Nashbar business model could be a case study in how not to handle a security breach.

Maybe I'll send Nashbar the ugly CZ ring I received because of their negligence.

cs1

Got my letter today, Ohio. WOW, I ordered something in Dec 2008 and got hit in March 2009. That's exactly when the letter said it happened. Why did they wait almost 4 months to let anyone know? That's outrageous to say the least. The discount code isn't worth it if they hack into my account again.

Panthers007

Two reasons:

1. Nashbar, even if you specify NOT to retain your credit information, Nashbar keeps your credit information.

2. They did not patch the hole in their system. That we are still hearing of recent cases of ID-theft and credit-card charges - as recently as last week where I'm perched - the problem has not been solved and the customers are still getting robbed.

There are 2 reasons I can find. Conclusions is another matter. I have a warehouse-full of these. And they bode ill for Nashbar. After all this evidence, I find it hard to fathom why anyone is doing business with them. With the notable exception of identity-thieves.

125psi

Because they might not have known right away. Other big beaches such as "Hanafords" or "TJ MAX" wasn't known immediately. Given the issue/crime and knowing how banks/visa works, NB will be a locked down in no time. The lock down means better software/hardware, security procedures and external security measures (e.g. periodic audits on the network(s) for one) No biz can work with negative publicity like this. If they don't comply with the measures and this occurs again the fines imposed are outrageous.

I got over $500 charges on a new EXXON card I got that I had never used. In Florida of all places...I'm from PNW. How? Someone hired internally got CC# and sold them. Just watch your statements weekly.

Just my $.02

cs1

What is a lockdown? Does NB do it or are they locked down by someone else? I can't believe, like the post above said, that the problem isn't fixed yet. Not fixing a problem of that magnitude can shut you down just from the bad publicity.

OTH, why would any of us who were victimized, they nailed me, use the 30% off discount? We could just be nailed again.

TomM

They should have been locked down to begin with. There is a set of technical and security requirements that must be met in order to process credit cards know as PCI. One requirement is that any website that accepts credit cards must under go a security/vulnerbility test on a regular basis, ususally quarterly. With Nashbar it's difficult to know how the data compromised because Nashbar has been mum. TJMax was compromised because of an unsecured wireless network. The data at Hanafords was compromised between the card swipe box and the backend server.

Also, just because the problem is fixed doesn't mean the cards that were originally stolen are safe. I've had two cards compromised because of this. Back in May Amex detected fraud and two weeks ago BOA detected fraud on my Visa.

Panthers007

I got my "Boo Hoo Hoo - We Did All We Could!" letter from Dumbell - er - Nashbar today.

TomM

Do any of you people who have received the letter live in Florida?

125psi

Tj max situation was complex having to do with the last line to the host processort. If folks are still getting hit due to nb its probably residual effects. There is no way that nb is still processing with the breach still in effect. The host processor and visa wouldn't allow it. It does cost the banks $$ to issue new cards. They wouldn't sit back and. Let nb continue on with a hack in place. Is your are interested in what's going on with electronic payments these days google.... "PCI electronic payments". These door have been open for years folks. Finally the networks are taking action....

Panthers007

I'm in Vermont, so they must be doing the 'V' ones. Or if they are sifting by last names - They are doing 'F' now. Which is what grade I'd attach to their pissy letter.

coldfeet

Would someone who has received a letter please post it? Personal data removed of course.

From what I'm reading so far, it was Nashbar and Performance CC fulfillment company who got hacked, and they have moved to a new CC clearing company. The time it took them to notify seems long, but they have come up with an excuse. ( poor though it may be )

Personally, I will continue to buy from them if the price is right or it's something difficult to get elsewhere. Should say that it's been a long time since they had a current CC # from me.

For those that use the Money Order option, use a bank MO not postal, and make sure you mail it to the right address, it will save a lot of time.

Panthers007

As you wished:

baldsue

I just received an email from <resolution-uk@amazonfraudcheck.com> for the Amazon.com account that was used fraudulently. Beware, this is a hazadarous email. If you get it, don't click on the links within it. Just delete it.

You probably only need to worry about this if the perpetrator created an Amazon.com account with your email address, which is what happened to me.

Just gotta say, Thank You Nashbar. You just keep on giving.

coldfeet

Thanks Panthers007,

If you take that letter as factual, it would seem that the breach originally was not their fault, and when they were told it was not true, persisted with their own investigation. Now, I think there is a good possibility that they could have done more in the early stages, but i don't know if there is some legal restriction they were working under.

I am prepared to give them a pass, subject to increased vigilance. If the rest of don't, it's your money, your right to do what you feel is best for you.

Malthus

It never ceases to amaze me that regardless of a company's irresponsibility, there will always be some who either defend or explain away their actions, or in the case of Nashbar - inaction. Nahsbar's first and primary interest was and continues to be saving their legal and PR asses, and only then informing their customers 4 months later.

And then these corporate apologists will always blame the consumer for not checking their statements daily, weekly, hourly.... So if you were stung by Nashbar, it's really your fault - how dare you express your dissatisfaction with them in public and refuse to shop with them again!

Neil_B

I'm also prepared to do so. It looks like they took action as soon as it was feasible.

Glennfordx4

It wasn't until reading this thread that I had known where and how this happened and starting in Feb and ending in May I had theft into 4 of my CC's one being a debit that was only used once online and after checking it was at Nomoreofmycashbar.I haven't got a letter but did lately receive a sorry Email with nothing but free shipping offer. I had to open a police report before my bank would reverse any charges ( which they did ) all my CC's have been replaced but not my debit card yet and it's been 3 months and is a pain being without. I now must contact the police department and inform them about The NB security breach.