We use cookies to optimize our website. By continuing to use the website, you agree to the use of cookies. Further information about the cookies can be found in our privacy policy. Learn more.
Data breach FAQ Putmeinthestory.com
Date: Tuesday, October 7th, 2014
Answers to commonly asked questions for customers impacted by the recent data breach.
A message to our customers
We truly value our relationship with you, and we know this incident has had a significant impact on you. We are sorry. We remain focused on addressing your questions and concerns.
- - You have zero liability for any charge you didn’t make.
- - If you see charges on your card that you didn’t make, contact your financial institution immediately.
- - Immediately change your password by resetting it here on our site https://www.putmeinthestory.com/reset-password.html
Please continue reading for answers to some common questions. We will continue to update this page as more information becomes available.
We established a toll-free number to assist with your questions regarding this issue.
Monday - Friday
8:30 AM - 5:30 PM CST
(844) 810-1155
About the breach
What happened?
On June 18, 2014, we were notified by Visa as a common point of fraudulent charges reported to them. Upon investigation, we learned a security vulnerability in our shopping cart software allowed criminals to obtain credit card information and personal information at the time of purchase.
The credit card information included card number, expiration date, cardholder name and card verification value (cvv2). The billing account information included first name, last name, email address, phone number, and address. In some cases, shipping information was included as first name, last name, phone number, and address. In some cases, account password was obtained too.
We partnered with a qualified third party forensics firm who thoroughly investigated the breach.
Has the issue been resolved?
Yes. We updated the shopping cart software that addressed the security vulnerability.
What information was taken?
The credit card information included card number, expiration date, cardholder name and card verification value (cvv2). The billing account information included first name, last name, email address, phone number, and address. In some cases, shipping information was included as first name, last name, phone number, and address. In some cases, account password was obtained too.
What are you doing to protect me from this happening again?
We have implemented additional security enhancements to our server and shopping cart software. We maintain ongoing payment card industry (PCI) compliance to address security standards. More information can be found here https://www.pcisecuritystandards.org/.
Customer information
When did you learn that this was happening?
We learned of this on June 18th, 2014. We immediately took measures to remove malware the criminals left behind.
How many customers had their information stolen?
5,204 customers had been affected.
What information was taken?
The credit card information included card number, expiration date, cardholder name and card verification value (cvv2). The billing account information included first name, last name, email address, phone number, and address. In some cases, shipping information was included as first name, last name, phone number, and address. In some cases, account password was obtained too.
What information from my credit card is stored on the website?
We keep only the last four numbers of your credit card and the expiration date for reference after the credit card is processed.
How do I know if my information was taken?
You will receive a letter from Sourcebooks, Inc. in the mail. Put Me In The Story is owned and operated by Sourcebooks.
What does it mean if my information was stolen?
The primary risk is increased exposure to consumer scams, such as phishing, web scams and social engineering. We want to help our customers protect themselves by providing information and resources about these scams. For helpful tips and more information, see the Frequently Asked Questions provided on scams and phishing below.
Credit and Debit Cards
How do I know if my credit card was affected?
You will receive a letter from Sourcebooks, Inc. in the mail.
How many cards were affected?
5,204 cards were affected.
Since I purchased something on your site between April 16th 2014 and June 19th 2014 does that mean my card has been used fraudulently?
No. Because you shopped at our site during that timeframe does not mean your credit card has been used for fraud. You should continue to closely monitor your credit or debit card account information and immediately report any fraudulent or suspicious activity to your financial institution.
Should I call Put Me In The Story to see if my credit or debit cards were affected?
No. You should call your card’s issuing bank if you discover any suspicious, unusual or fraudulent activity.
Will my card’s financial institution be able to tell me if I was impacted?
Yes. With any fraudulent charges your financial institution should be able to alert you of a potential unauthorized transaction. It’s also recommended that you watch your credit card statements closely and notify your financial institution if a discrepancy arises. You will not be held responsible for any unauthorized charges.
Will I be held liable for fraudulent charges on my card?
No. You have zero liability for any fraudulent charges on your credit card. If any fraudulent charges appear on your statements notify your financial institution immediately to report the charges. We recommend that you request a new card be issued to you and monitor your monthly statements.
Scams and Phishing
If I receive a call, what should I do?
We will never call, email or text you asking for your social security number, credit card number, and/or other personal information.
Do not provide that information. Be wary of scams that may appear to offer protection but are really trying to get personal information from you.
If you have any suspicions about the authenticity of an email or text, do not click the links in it. Please go directly to the site by entering the URL in your browser.
What kind of scams do I need to watch out for?
Following an event like a data breach, it’s common to see fraudsters use emails, texts, phone calls and fake websites to try to steal your personal information.
- Social Engineering: Using fraud or deception to manipulate people into performing actions or divulging information that they would normally not share.
- Social Engineer: A scam artist who contacts individuals via phone, email, text message or even in person to gather information for the purposes of fraud, data system access, identity theft and more.
- Phishing: A social engineer uses a fake email to trick recipients into giving up credit card information, passwords or other sensitive information. The email may appear to come from a trusted source, such as a reputable company or bank, and often includes personal details so it appears the sender knows you.
- Smishing: Similar to Phishing (see above), a social engineer sends a fake Short Message Service (SMS) text message to your cell phone, announcing that you’ve won a prize or offer from a trusted company or bank if you follow a link to a website and enter a code. Clicking the link can expose your phone to malware.
- Pretexting: When a social engineer impersonates someone with authority and creates a fake scenario to trick unsuspecting individuals into sharing private or sensitive information.
What are some things I can do to avoid social engineering scams?
- - Never give out private or personal information, including financial details, unless you can verify the identity of the person or organization contacting you.
- - Don’t respond to texts or emails coming from a contact you don't recognize, and don’t click on links. Instead, if you need to check on your account, type the site address you want visit into your browser and securely log into your account.
- - Don’t send money to strangers; scam artists often insist that you wire money, especially overseas, because it’s difficult to trace the transaction.
- - Keep an eye on your monthly statements. If your account information is stolen, fraudsters can use it to charge purchases or commit crimes in your name. Watch for unusual charges such as “membership fees” and other goods or services you didn’t authorize. If you see a charge you don’t recognize, contact your account provider immediately.
Equifax
Equifax Consumer Fraud Division
P.O. Box 740256
Atlanta, GA 30374
www.equifax.com
(888) 766-0008
Experian
475 Anton Blvd.
Costa Mesa, CA 92626
www.experian.com
(888) 397-3742
TransUnion, LLC
P.O. Box 2000
Chester, PA 19022-2000
www.transunion.com
(855) 681-3196
Federal Trade Commission
600 Pennsylvania Avenue, NW
Washington, DC 20580
www.ftc.gov
www.ftccomplaintassistant.gov
Additional Free Resources on Identity Theft
You may wish to review the tips provided by the Federal Trade Commission on how to avoid identity theft. For more information, please visit http://www.ftc.gov/idtheft or call 1-877-ID-THEFT (877-438-4338). A copy of Take Charge: Fighting Back Against Identity Theft, a comprehensive guide from the FTC to help you guard against and deal with identity theft, can be found on the FTC’s website at http://www.ftc.gov/bcp/edu/pubs/consumer/idtheft/idt04.shtm.
Maryland residents may also wish to review information provided by the Maryland Attorney General on how to avoid identity theft at www.oag.state.md.us/idtheft, or by sending an email to idtheft@oag.stat.md.us, or calling 410-576-6491.
North Carolina residents may also wish to review information provided by the North Carolina Department of Justice Consumer Protection Division at PO Box 629, Raleigh, NC 27602 or calling 919-716-6000.