Actually, SAN had a data breech that compromised everyone's personal information back in 2017. It apparently was not severe enough to prompt an upgrade in infrastructure.
Official Notice of Data Breach
Dear XXXXXXX :
Please read this letter in its entirety. On September 28th, we notified you of this data breach. This is the formal advice as directed by our insurance company.
What happened? What information was involved?
We recently became aware that our StampAuctionNetwork (SAN) server was hacked on September 26, 2017. The attack did not target StampAuctionNetwork directly, we have SSL security there which protects from external attacks. The breach was made through our main offices and they were able access SAN from there. We took immediate steps to stop the access and respond to the situation. Based on our review of the systems, we have discovered that some of your personal data may have been compromised. This data includes your name and payment card information.
While we have no evidence that any of your personal information has been misused in any manner, we are taking appropriate precautionary measures to ensure your financial security and help alleviate concerns you may have.
Your XXX Credit Card Ending in N-NNNN with Expiration date ZZZZ may have been compromised. We suggest you cancel this card and request a new one, if this card is still active.
What is Droege Computing Services, Inc. doing to address this situation?
Droege Computing Services, Inc. has made immediate enhancements to our systems, security and practices. Additionally, we have engaged appropriate experts to assist us in conducting a full review of our security practices and systems to ensure that appropriate security protocols are in place going forward and we have removed all credit card information from SAN. We are committed to helping those people who may have been impacted by this unfortunate situation.
What can I do on my own to address this situation?
If you choose to place a fraud alert, you will need to contact one of the three major credit agencies directly at:
Experian (1-888-397-3742) Equifax (1-800-525-6285) TransUnion (1-800-680-7289)
P.O. Box 4500 P.O. Box 740241 P.O. Box 2000
Allen, TX 75013 Atlanta, GA 30374 Chester, PA 19016
www.experian.com www.equifax.com www.transunion.com
Also, should you wish to obtain a credit report and monitor it on your own:
IMMEDIATELY obtain free copies of your credit report and monitor them upon receipt for any suspicious activity. You can obtain your free copies by going to the following website: www.annualcreditreport.com
or by calling them toll-free at 1-877-322-8228. (Hearing impaired consumers can access their TDD service at 1-877-730-4204.
Upon receipt of your credit report, we recommend that you review it carefully for any suspicious activity.
Be sure to promptly report any suspicious activity to Droege Computing Services, Inc. and your credit card company.
In addition, we are urging all customers to notify their bank of this incident to inform them that your account may be at an increased risk for fraud and so that your bank can flag your account. We also encourage you to monitor your accounts closely for any suspicious activity and to notify your financial institution immediately if you notice any unauthorized transactions.
For More Information
You can obtain more information about identity theft and ways to protect yourself from the Federal Trade Commission (FTC). The FTC has an identity theft hotline: 877-438-4338; TTY: 1-866-653-4261. They also provide information on-line at www.ftc.gov/idtheft.
What if I want to speak with Droege Computing Services, Inc. regarding this incident?
Please call Tom Droege at 919-403-9459 from 9-5pm Eastern Standard Time, Monday through Friday.
At Droege Computing Services, Inc. we take our responsibilities to protect your personal information very seriously. We are deeply disturbed by this situation and apologize for any inconvenience.
President and CEO