Rpgnow creditcard information stolen

[Soel]

Because that is the ethical thing to do.

It's not your call whether it is a concern or isn't; that's for your customers to determine for themselves. Your customers should be told there was a breach in security. They should have that right. Will it cost you business? Probably. But the shady way you're handling this by not informing ALL of your customers about a breach in security is going to hurt more.

I know I won't be dealing with you, just for the fact that you can't seem to fathom why your customers have a right to know their personal information might have been stolen. And what about those people who no longer maintain the particular email address you had on file? They have no way of knowing their information might have been stolen. Especially since there's no notice on your homepage.

What you should be doing is posting a notice on your homepage that explains what happened, when, who is affected, what steps they should take, what steps you have taken, and what actions have been made to prevent it from happening again. What you shouldn't be doing is trying to sweep it under the rug and make it go away as quickly as possible just so your sales don't suffer.

Do the right thing.

Well said. It should be the customer's decision as to whether or not they would conduct business with RPGNow based on this information. Not telling everybody as promptly as you can, is nothing less than shady.

I found out from these boards. I apparently didn't save my card info, and I don't have any questionable charges, so I'm fortunate. I should have gotten an email right when it was discovered. Its about trust, and not telling everyone does not instill a lot of trust with RPGNow for me.

 

[Fester]

But the hyenas are worse IMO. Those companies that are trying to use this to play themselves up are distasteful. Because I am just one person means I don't have much of a voice...

Make that two. Those coming here to pimp their sites and fuel the flames are just showing their unprofessionalism and disregard for the misfortune of others. I would have serious qualms about buying products from such companies in the future.

 

[Fester]

James, while I can understand RPGNow's reluctance to put up a huge announcement on the front page, there doesn't seem to be any information about the problem anywhere on the RPGNow site.

Surely it would be sensible to at least have some information about the problem somewhere on the site, so that customers who are worried can get more information about what happened, or at least know who to contact at RPGNow if they have questions about their particular account details?

It seems a little odd that right now, the only place for anyone to get more information about the problem is on third-party web sites. I know that if I'd been affected, I'd want to be able to check the facts directly with RPGNow, and not have to rely on other messageboards for information.

Just a suggestion...

I agree. This whole discussion should really be happening on their own forums and there really should be something on the RPPNow front page along the lines of "if you feel that you may have been affected, then please contact us immediately" etc, with contact details. And an apology. I don't think it has been handled very well at all.

I certainly sympathize with those who have been affected by the fiasco, who have a right to voice their concerns and anger.

I would also like to say to James that this will in no way affect my purchasing at RPG Now (or OBS, or whatever it will be called in the future). It appears that lessons have been learnt and hopefully the storage of personal data (and by that I mean any personal data) won't be taken so lightly.

I wish everyone affected by this the best of luck in 2007 ('cause you're probably due some).

 

[prosfilaes]

Well said. It should be the customer's decision as to whether or not they would conduct business with RPGNow based on this information. Not telling everybody as promptly as you can, is nothing less than shady.

Why? When GMC found that certain models of the Chevy Malibu had problems with the turn signals, they notified the owners of those cars. Should they have notified owners of all GMC vehicles? Posted it on the front of all Chevy dealerships? Ran an ad in prime time? Nobody publicizes their failures, and I don't see much reason to do so to people not directly affected.

 

[Silver Moon]

Okay, I googled my name. No stolen credit card information, but I did find out that there is a British rugby player who shares my name.

 

[DMH]

It appears that receiving prior-permission to post by a moderator or correcting misinformation is not enough change your opinion, and for that I'm sorry. But regardless, this is not the thread to be discussing the matter.

Joseph Browning
Your Games Now, LLC.

I mention General for a reason. General is here, Tabletop Open is there. I was talking about this thread, specifically post 122. There was no good reason to give a link when you have one in your sig.

Back to the subject at hand, I think rpgnow should mention it somewhere on their site with a link to it from the front page. It is not something to be played up, but still needs to be acknowledged to protect their customers.

 

[Steve Conan Trustrum]

Why? When GMC found that certain models of the Chevy Malibu had problems with the turn signals, they notified the owners of those cars. Should they have notified owners of all GMC vehicles? Posted it on the front of all Chevy dealerships? Ran an ad in prime time? Nobody publicizes their failures, and I don't see much reason to do so to people not directly affected.

Actually, when things like that happen GMC notifies more than just the customers. It takes pre-emptive steps to fight the bad PR and does indeed issue a general press release. I can play this game too: when the bacteria infested lettuce was causing problems this summer, were only people who had previously purchased lettuce directly sought out and informed? No. Why? Because:

a) how can you be sure you reach everyone affected? As is revealing itself here, people who KNOW they were affected aren't getting the email. Some sort of general announcement must be made to ensure people who may be affected are informed.

b) consumer confidence. The customer needs to see that RPGNow is aware of the problem and is on top of it. When people hear about GMC recalling a truck part they tend to think "okay, GMC is on the case and it won't affect me buying a vehicle from them in the future because I'll continue to research my options just as I always have" because GMC takes steps to let people know they're on the ball. If, however, you found out that GMC had done the recall in secret and tried to keep things as hush hush as possible, you'd likely think there was something underhanded involved and wonder what else you're not being told--your confidence as a customer would be more easily shaken.

More than a few publishers working with RPGNow are not happy with the fact (and rightly so, IMHO) that there hasn't been a proper attempt to address this event with the overall customer base. This lack of proper damage control has resulted in, among other things, emails being sent to publishers from customers saying (among other things, and to paraphrase) "I like your products but I won't ever shop at RPGNow again because of this" ... which is too bad considering some of these publishers recently signed exclusivity agreements with RPGNow.

"Damage control" and "responsibility to the customer" aren't just buzz words, and the handling of this situation isn't the simple, cut and dry process you erroneously believe it to be. There's certainly a bigger picture being affected here and addressing it properly requires more than what's been done so far.

 

[Turjan]

Well said. It should be the customer's decision as to whether or not they would conduct business with RPGNow based on this information. Not telling everybody as promptly as you can, is nothing less than shady.

I found out from these boards. I apparently didn't save my card info, and I don't have any questionable charges, so I'm fortunate. I should have gotten an email right when it was discovered. Its about trust, and not telling everyone does not instill a lot of trust with RPGNow for me.

I don't get this. Why do you want to get a message when your information clearly cannot be stolen, because it was never there?

Of course, a general announcement on the site would have been helpful.

 

[Michael Dean]

To RPGNOW: I also think that some acknowledgment of the problem on Rpgnow's website would have been appropriate. I know I for one had a heart-stopping few moments when I found out on a thread on rpgnet. My first stop was to go to Rpgnow and found...nothing. It wasn't until I came here that I learned that it only affected people who saved their information, but even then I had to rack my brain to remember if I had done that, even if it was only once. On top of that, I saw that at least one poster (GMSkarka) claimed that his info was stolen and he hadn't received an e-mail, so what am I supposed to think?

While I am fairly certain that I am not affected, I feel very badly for those who were, because there but the grace of God go I, and all that. My impression of how your company handled this would have gone up exponentially if you had met this head on with an announcement on your site. And far from me taking my business away, knowing immediately from the horse's mouth would have greatly improved my respect for you, and I suspect a lot of other people would feel the same way. I am not saying this to dog on you; I will continue to buy from you and in fact I just bought some stuff from you this morning. But I do think this was an opportunity lost for you guys.

 

[Michael Dean]

I don't get this. Why do you want to get a message when your information clearly cannot be stolen, because it was never there?

Because I for one had to really think back to whether I had saved my information on the website or not. I was pretty sure that I hadn't. But the thing is, I had to research two different third party websites to get any information at all that I wasn't at risk, as well as google the hell out of the web to see if my information was out there. That really should have been rpgnow's responsibility to notify its customers, if only to tell them that they were NOT at risk because their info was not saved. I certainly would have had much better feelings about the whole matter.