
Form Letter to Hasbro Regarding Club Credit Card Breach


39 replies to this topic

#1 Robowang

Robowang
  • Citizen
  • 451 posts
  • Gender:Male
  • Location:McDonaldland

Posted 23 February 2012 - 11:01 PM

Some fans created these form letters we can send to Hasbro regarding the recent credit card information theft from the club's system. If you disagree with or feel any parts need to be edited, feel free to change it to your taste before you mail it out.

Enough snail mail from fans should get the point across that we won't tolerate anything like this happening again. The point isn't to shut down FunPub; it's to make Hasbro aware that we ARE very concerned about what has happened and that it has affected our opinions.

Here's a form letter for anyone who had their information stolen and used:
https://docs.google....pjuMt0kUq8/edit

And here's one for anyone who is worried their information may have been compromised, but hasn't been directly affected (yet):
https://docs.google....ZMMeSY9QfA/edit

Please don't edit this and send ridiculous, immature cries against FunPub. This is meant to be a civil letter-writing campaign to get a point across. The more CIVIL letters Hasbro receives, the better the point will come across.

Please spread this to anyone you know who has been affected or could potentially be affected by the recent credit situation with the club.
Attention rich people: Complete/loose G1 collection for sale $20,000. Includes all figures and accessories from U.S. G1

My Wants List
Robowang's eBay Store - lots of TFs
My feedback


#2 Galenraff

Galenraff

    Time for an Optimus.

  • Public Relations
  • 30551 posts
  • Gender:Male
  • Location:Central Illinois
  • Faction::RIBFIR

Posted 24 February 2012 - 12:43 AM

That's really quite good. Nice job, and I also recommend people take this sort of reasoned "FYI" approach toward Hasbro with it. As long as it's an awareness campaign and not a vindictive gripe fest or something, you're right, they absolutely will be paying attention to this.

#3 Hydra

Hydra

    I'm in your Burger Bot eating burgers with your Isenburg!

  • Citizen
  • 2198 posts

Posted 24 February 2012 - 01:43 AM

I don't doubt that Hasbro will take note of the letter,
but what is the desired effect you're hoping for by organizing this campaign?

In other words, what is it you would hope to see them do about it?

-Hydra
SELL ME THESE ITEMS!
Botcon 1997 Dinner Decoys: $300 ea.
Unreleased Ultra Magnus Street Speed Team: $1000
Lucky Draw Orange Hazard Team: $500/member
Bagged BotCon 2006 Box Set figures

#4 M Sipher

M Sipher

    Tinja Nurtles.

  • Citizen
  • 10324 posts
  • Gender:Male

Posted 24 February 2012 - 06:55 AM

Do we even know the theft was from the club's system and not the credit card handling company's system?


M "Or Are We Merely Assuming?" Sipher
The ISLE OF RANGOON - Advantures in Learning and Sarcasm!
Holy crap Sipher has a Tumblr apparently!
http://www.tfwiki.net - We left Wikia before it was cool to do so!

"I don't know whether it's a new thing, but it's certainly a current thing, in that it doesn't seem to matter what facts are. It used to be, everyone was entitled to their own opinion, but not their own facts."
- Stephen Colbert

#5 Chris McFeely

Chris McFeely

    That was then, this is now.

  • Citizen
  • 6356 posts
  • Gender:Male

Posted 24 February 2012 - 07:25 AM

QUOTE(M Sipher @ Feb 24 2012, 11:55 AM)
Do we even know the theft was from the club's system and not the credit card handling company's system?


Well, at this point, if I've been following assorted threads properly, it's been confirmed to have happened to people who made purchases - like membership renewals - before Runabout and Drift went up and caused the need for a change to a new handling company, AND to people who have used new cards AFTER the switch-over. Which would mean that handling company's not the problem.

Edited by Chris McFeely, 24 February 2012 - 07:26 AM.


#6 NightViper

NightViper

    Ehhhhh...

  • News Manager
  • 32792 posts
  • Gender:Male
  • Faction::RIBFIR

Posted 24 February 2012 - 07:57 AM

QUOTE(Chris McFeely @ Feb 24 2012, 07:25 AM)
QUOTE(M Sipher @ Feb 24 2012, 11:55 AM)
Do we even know the theft was from the club's system and not the credit card handling company's system?


Well, at this point, if I've been following assorted threads properly, it's been confirmed to have happened to people who made purchases - like membership renewals - before Runabout and Drift went up and caused the need for a change to a new handling company, AND to people who have used new cards AFTER the switch-over. Which would mean that handling company's not the problem.


I haven't read every report, but all those affected after the switchover did not attempt to make a purchase with the first CC company?

Because even if the order failed to make it through to Fun Pub, that doesn't mean that the CC information didn't make it to the processor.

Edited by NightViper, 24 February 2012 - 08:20 AM.


#7 Powered Convoy

Powered Convoy

    President of the Deflowering Club

  • News and Content
  • 46189 posts
  • Gender:Male
  • Faction::RIRFIB

Posted 24 February 2012 - 08:09 AM

I don't think much good can come of this. Hasbro isn't stupid, I'm sure their TF and Joe brand people know about this. Starting a letter writing campaign is only going to draw more attention to it and might lead to Fun Pub losing the license to these brands. Which would mean no more TCC or BotCon, as who is going to put up with this crap year round (year after year) like they do?

Randy

#8 Robowang

Robowang
  • Citizen
  • 451 posts
  • Gender:Male
  • Location:McDonaldland

Posted 24 February 2012 - 09:33 AM

There are a lot of people who are upset with the situation who want to make their voices heard somewhere more important than a message board, and there are also a lot of vitriolic people who maybe need a more constructive way to express their concern while feeling they are getting the point to the right people.

The letter specifically says that Fun Pub's part in it was either "knowingly or unknowingly," because we don't know, and while I suppose it is still an assumption, the idea that this is somehow entirely or at least in part Fun Pub's fault seems to be pretty well grounded in reality based on the evidence.

I figure if it turns out that they really do have absolutely NOTHING to do with this, they won't get burned by Hasbro, and the complaints generated in the letters aren't going to a public place. If it IS their fault, then whatever happens happens.

The point isn't to cost people their jobs or, less importantly, their toys, but to give people a private, more effective method of expressing their concern.

Like I said in the original post, if you feel any part of the letter is inappropriate for your own personal concerns, alter it as you see fit. It's not a locked PDF file or anything. Reword it to make the blame more ambiguous if you like, or take it out completely and simply express disdain with the situation itself.

The overall effect of the letter, if enough send it, I hope would be to ensure that proper measures are put in place. An "under construction" sign mentioning updating the credit card server doesn't necessarily assuage a lot of fears. For all we know, they are updating to something slightly less cheap than before - perhaps to the standards of 2005 or something. I don't mean that to sound sarcastic at all; it's an entirely feasible scenario.




#9 crazyjw18

crazyjw18

    HE TELL ME DRILL WILL PIERCE MUFFINS!

  • Citizen
  • 12205 posts
  • Gender:Male
  • Location:Knoxville, Tn
  • Faction::Autobot

Posted 24 February 2012 - 10:22 AM

QUOTE(Powered Convoy @ Feb 24 2012, 08:09 AM)
I don't think much good can come of this. Hasbro isn't stupid, I'm sure their TF and Joe brand people know about this. Starting a letter writing campaign is only going to draw more attention to it and might lead to Fun Pub losing the license to these brands. Which would mean no more TCC or BotCon, as who is going to put up with this crap year round (year after year) like they do?

Randy


I'd really be very surprised to see it lead to the license being lost. In any case it seems very dangerous to be willing to put up with serious problems under the assumption that no more secure companies would show interest.

In the end, it doesn't really matter if Funpublisher or their CC handling company dropped the ball. It's Funpub's ultimate responsibility as the public facing entity in this situation. So far I've been wholly unimpressed by their handling of the situation and am very reluctant to use a card with them again until we get some honesty and openness on the matter.

#10 Powered Convoy

Powered Convoy

    President of the Deflowering Club

  • News and Content
  • 46189 posts
  • Gender:Male
  • Faction::RIRFIB

Posted 24 February 2012 - 10:52 AM

Yeah this should definitely be brought to the attention of someone who can do something about it.

Perhaps a mass hand-mailing of letters should be sent to Brian Savage? That way he may be forced not to be a technological dinosaur.

Randy

#11 Robowang

Robowang
  • Citizen
  • 451 posts
  • Gender:Male
  • Location:McDonaldland

Posted 24 February 2012 - 11:18 AM

QUOTE(Powered Convoy @ Feb 24 2012, 10:52 AM)
Yeah this should definitely be brought to the attention of someone who can do something about it.

Perhaps a mass hand-mailing of letters should be sent to Brian Savage? That way he may be forced not to be a technological dinosaur.

Randy


No, that's the point of my form letter. Go over his head to what are essentially his bosses and get THEM to convince him. He's obviously not going to do it on his own.

Use the letter. The letter is good.



#12 ZacWilliam1

ZacWilliam1
  • Citizen
  • 9815 posts
  • Gender:Male
  • Location:Ct. USA
  • Faction::RIRFIB

Posted 24 February 2012 - 11:25 AM

QUOTE(Robowang @ Feb 24 2012, 11:18 AM)
QUOTE(Powered Convoy @ Feb 24 2012, 10:52 AM)
Yeah this should definitely be brought to the attention of someone who can do something about it.

Perhaps a mass hand-mailing of letters should be sent to Brian Savage? That way he may be forced not to be a technological dinosaur.

Randy


No, that's the point of my form letter. Go over his head to what are essentially his bosses and get THEM to convince him. He's obviously not going to do it on his own.

Use the letter. The letter is good.



I don't know... Licensors aren't really the same as bosses. I think a little concern that Hasbro might just revoke Fun Pub's license rather than bother with anything else is something to consider. Not saying they would, just I can see the worry...


-ZacWilliam, not taking either side, just sayin...
Ever wonder about the speed of Turbofoxes?
Or the proverbial ailerons of Titanium Moosebots?

*Visit the one and only Cybertronic Bestiary.
For a mechazoologic tour of the mechanimals of Cybertron.


#13 MightyMegs

MightyMegs

    Someone took their time...

  • Citizen
  • 3301 posts
  • Gender:Male
  • Location:Florida
  • Faction::Decepticon

Posted 24 February 2012 - 11:32 AM

I found out this morning that the Discover card I used to re-up my GI Joe Club membership, at the beginning of Jan, just got hit.

#14 MrBlud

MrBlud

    Pipes must've sprayed me...I'm sorry

  • Forum Moderator
  • 44732 posts
  • Gender:Male
  • Location:Westlake, OH
  • Faction::RIBFIR

Posted 24 February 2012 - 11:35 AM

No harm in writing a letter out to both Hasbro and Funpub.

#15 McFly

McFly
  • Citizen
  • 861 posts
  • Faction::Minicon

Posted 24 February 2012 - 11:37 AM

QUOTE(M Sipher @ Feb 24 2012, 06:55 AM)
Do we even know the theft was from the club's system and not the credit card handling company's system?


M "Or Are We Merely Assuming?" Sipher


It doesn't matter. PCI compliance places the responsibility both on the processing company and the merchant using said processor. FP should have had proof of compliance before using them at all. As per the original post, at least one person's CVV (the three digits on the back of the card) was listed. While you CAN store the 16-digit account number as long as it's fully encrypted (256-bit AES ought to suffice for that,) you can NEVER store the CVV. EVER.

Admittedly, if said processing company was outright falsifying reports to FunPub, that would help, but WHY? There are a good number of above-board, legit CC processing shops out there who are PCI compliant largely because they'd lose hundreds of millions in business if they weren't. Why did FP go with a fly-by-night operation in the first place? To save a few bucks? Because they knew someone who worked there?

At some point, the process failed. That alone falls on FP, regardless of whose database was hacked.
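
The storage rule described in post #15 (account number only if encrypted, CVV never) can be checked mechanically against what an order database actually holds. This is an added example, not part of the thread or any real system: the field names and records are constructed, and the card numbers are standard public test numbers.

```python
import re

# Field names suggesting card verification data (CVV/CVC/CID) is retained.
# Hypothetical naming; adapt the pattern to the schema being audited.
CVV_KEY = re.compile(r"(?:^|_)(?:cvv2?|cvc2?|cid|security_?code)(?:$|_)", re.I)
# 13-19 digits, optionally separated by single spaces or dashes.
PAN_CANDIDATE = re.compile(r"(?<!\d)\d(?:[ -]?\d){12,18}(?!\d)")


def luhn_ok(digits: str) -> bool:
    """Luhn checksum: filters out order ids and tracking numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


def audit_record(record: dict) -> list:
    """Return (finding, field) pairs for one stored record."""
    findings = []
    for key, value in record.items():
        text = "" if value is None else str(value)
        # Any non-empty verification-code field is a finding, encrypted or not.
        if CVV_KEY.search(key) and text.strip():
            findings.append(("cvv_stored", key))
        # A Luhn-valid digit run in any field means a readable account number.
        for match in PAN_CANDIDATE.finditer(text):
            if luhn_ok(re.sub(r"[ -]", "", match.group())):
                findings.append(("pan_cleartext", key))
                break
    return findings


def audit_table(rows: list) -> dict:
    """Map order_id -> findings for every row that has at least one."""
    report = {}
    for row in rows:
        found = audit_record(row)
        if found:
            report[row.get("order_id")] = found
    return report


# Constructed sample rows; 4111... and 6011... are public test card numbers.
SAMPLE_ORDERS = [
    {"order_id": "1001", "card_number": "4111 1111 1111 1111",
     "cvv": "123", "exp": "03/14"},
    {"order_id": "1002", "pan_ciphertext": "enc:v1:kT9xQ2bLr0aZpW7uYh3M",
     "pan_last4": "0004", "cvv": ""},
    {"order_id": "1003", "notes": "customer phoned, card 6011000000000004",
     "tracking": "1234567890123456"},
]

if __name__ == "__main__":
    for order_id, found in audit_table(SAMPLE_ORDERS).items():
        print(order_id, found)
```

Order 1003 shows the case audits most often miss: a card number typed into a free-text notes field rather than a card column.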

#16 Galenraff

Galenraff

    Time for an Optimus.

  • Public Relations
  • 30551 posts
  • Gender:Male
  • Location:Central Illinois
  • Faction::RIBFIR

Posted 24 February 2012 - 12:01 PM

Also, in the end (and I believe Robowang's letter covered this) a more major concern is FunPub's practically non-existent and certainly inadequate customer service when it comes to this issue.

Sipher's right, we don't know for sure what did or didn't happen. And that's actually a fairly serious part of the problem - especially for a business operating in a state with a legal mandate to report data breaches.

No, I don't want to see the Club or Botcon go away. And if this screws things up enough that that's what happens, I'll be very sad about that. But for Hasbro, at some point it becomes a risk management issue. Between 3H and FunPub, they've had some rather unfortunate experiences with licensees for the club and con, and it would be really hard to blame them for being gunshy about starting up with someone else. Between that and this partnership being 7 years for TFs (and I'm not sure how much longer for GI Joe), there's incentive for both parties to work together and fix this problem rather than throwing in the towel. We don't know what the numbers look like, but assuming the money is in it for both parties and this is a profitable thing to do, they'll be much more interested in fixing it rather than tearing it down and hoping that the third time will be the charm.

I think Hydra is right though, there probably should be a little bit more of an "ask" in the letter. Maybe more transparent customer service. Maybe specifically ask for PCI compliance. Perhaps at least emphasize further that you enjoy these products and services and want to see them improved so that they will be safe and secure for the fans for years to come. I don't know...it's hard to know what to ask for when you just know something's wrong but can't be completely sure what because some folks who aren't good with technology aren't telling you anything about the technology problem.

Blud is right though. Sending the letter to both companies would be best.

#17 Robowang

Robowang
  • Citizen
  • 451 posts
  • Gender:Male
  • Location:McDonaldland

Posted 24 February 2012 - 12:19 PM

QUOTE(Galenraff @ Feb 24 2012, 12:01 PM)
Also, in the end (and I believe Robowang's letter covered this) a more major concern is FunPub's practically non-existent and certainly inadequate customer service when it comes to this issue.

Sipher's right, we don't know for sure what did or didn't happen. And that's actually a fairly serious part of the problem - especially for a business operating in a state with a legal mandate to report data breaches.

No, I don't want to see the Club or Botcon go away. And if this screws things up enough that that's what happens, I'll be very sad about that. But for Hasbro, at some point it becomes a risk management issue. Between 3H and FunPub, they've had some rather unfortunate experiences with licensees for the club and con, and it would be really hard to blame them for being gunshy about starting up with someone else. Between that and this partnership being 7 years for TFs (and I'm not sure how much longer for GI Joe), there's incentive for both parties to work together and fix this problem rather than throwing in the towel. We don't know what the numbers look like, but assuming the money is in it for both parties and this is a profitable thing to do, they'll be much more interested in fixing it rather than tearing it down and hoping that the third time will be the charm.

I think Hydra is right though, there probably should be a little bit more of an "ask" in the letter. Maybe more transparent customer service. Maybe specifically ask for PCI compliance. Perhaps at least emphasize further that you enjoy these products and services and want to see them improved so that they will be safe and secure for the fans for years to come. I don't know...it's hard to know what to ask for when you just know something's wrong but can't be completely sure what because some folks who aren't good with technology aren't telling you anything about the technology problem.

Blud is right though. Sending the letter to both companies would be best.


You make good points! As long as people are sending it, I'm happy. Again, please feel free to edit as you wish before sending. I'm hoping everyone who sees this thread sends at least some version of it.


#18 Kalidor

Kalidor

    Get some!

  • Owner
  • 53370 posts
  • Gender:Male
  • Faction::Cannonball's Pirate Crew

Posted 24 February 2012 - 12:32 PM

I'm less concerned whether certain repaints are made available and whether or not there's a Botcon than I am about the dozens of people who have had their data breached and their money stolen or the dozens of people who have yet to be made aware of this issue and run the risk of their finances being compromised.

Given the amount of reports from both here and the GI Joe Club, I personally feel we've reached beyond the threshold of "a reasonable belief that there might have been a breach" and Funpub is obligated under law to notify those who've done business with them of a possible breach. Not only are they in violation of the trust between customer and vendor, but quite possibly the law. A law that carries significant financial penalties if found guilty.

That in itself should be enough to generate a response from the company, to either say "No, we can assure you that NO BREACH occurred" or "We believe a breach might have occurred." If they can't guarantee the former, then it means they do have a reasonable belief that it could have been. Failure to notify its customers in the amount of time that has passed is illegal.

Secondly, if writing to Hasbro will help reveal the scope of how many people are actually being affected by this, then it gives them the opportunity to investigate and come to a conclusion so that consumers aren't forced to draw their own.

Being worried about trivial things like club toys in the future is missing the point of this issue when people's personal and financial information are being sold to criminals around the world. Many fraudulent charges COULD have been prevented if the legally mandated notifications were given out.

Such irresponsibility not only affects the club or its customers, but it affects banks, the vendors where fraudulent purchases were made and Hasbro itself. Thousands of dollars, if not more, of money and time being wasted all because someone at the club didn't want to 'admit fault'.

This is a very serious issue and by now something should have been formally stated either way from the Club regarding a breach.

#19 Cat

Cat

    Official Stick Reviewer

  • Supporter
  • 6988 posts
  • Gender:Not Telling
  • Location:Australia
  • Faction::Autobot

Posted 24 February 2012 - 12:56 PM

I'm iffy on this.

I am familiar with both sides here, and I just don't know.

I would have thought that Fun Pub would have had more definite info by now, but there are so many variables, including the fact that I doubt they're a big client to get 'proper' management from their bank/CC provider.

But, what's done is done.

Good luck to those affected, and I hope you get the desired outcome from this. (And let me re-iterate, I absolutely understand why you're pissed about this. I honestly do. It's just that I'm also familiar with the other side, and it's not as easy as most people think it is. Even I'm surprised at how complex these investigations can get)

#20 Mouse_Pad

Mouse_Pad

    I am Babushka Sky Lynx. I come from Russia.

  • Citizen
  • 6694 posts
  • Gender:Male
  • Location:Memphis, TN

Posted 24 February 2012 - 01:05 PM

QUOTE(ZacWilliam1 @ Feb 24 2012, 10:25 AM)
QUOTE(Robowang @ Feb 24 2012, 11:18 AM)
QUOTE(Powered Convoy @ Feb 24 2012, 10:52 AM)
Yeah this should definitely be brought to the attention of someone who can do something about it.

Perhaps a mass hand-mailing of letters should be sent to Brian Savage? That way he may be forced not to be a technological dinosaur.

Randy


No, that's the point of my form letter. Go over his head to what are essentially his bosses and get THEM to convince him. He's obviously not going to do it on his own.

Use the letter. The letter is good.



I don't know... Licensors aren't really the same as bosses. I think a little concern that Hasbro might just revoke Fun Pub's license rather than bother with anything else is something to consider. Not saying they would, just I can see the worry...


-ZacWilliam, not taking either side, just sayin...


Hasbro did grab the reins when 3H fell apart at the end. So it's pretty clear that they can and will intervene when necessary.

Even though I have my list of complaints about FP, they make good products and put on a (mostly) good convention, so I don't have any real desire to see them go away. I just really want to see them put up a decent, trustworthy website.
I have signatures disabled because they suck.


