Earlier today patrons of Wine Library received an email informing them that the credit card information they had used to sign up to the WineLibrary.com site may have been compromised in a data breach. The site is the hub of NYT Best Selling Author Gary Vaynerchuk’s family business, made famous by his popular and now retired television show Wine Library.tv.
While the email doesn’t reveal how many accounts were impacted, the site likely has hundreds of thousands of users.
The company reveals that it started investigating a possible breach in October when they received initial customer complaints, complaints which increased towards the beginning of November. The company removed all credit card data from its site on November 11th and last week confirmed that an IP address originating in China was used in the attacks.
The company says that its taking the breach “very seriously” and in addition to removing all existing credit card info, the new Wine Library site (with “new and best in class backend security protocols”) will use SSL, tokenized data and no longer store any credit card information on the site.
The email says that all parties whose data was compromised will be notified by Wine Library on how to proceed.
Full email below.
Dear Valued Wine Library Customer:
We are writing you today regarding a security breach that may have involved the credit card information you used to make a purchase at WineLibrary.com. While the full extent of the breach has not been verified – and it is possible you were not affected – we wanted to be sure to share with you what we could. This email is not intended to comply with statutory duties to notify you. We will comply with those duties separate and apart from this email. We wanted to get this email to you so that you could confirm that any credit accounts you used with us are not experiencing any adverse activity.
What you can do: Before we get into the specifics of what happened, we appreciate that you understandably want to know what you should do to ensure your private information is protected. We encourage you to consider the following:
• Contact the financial institution that issued the credit card you used to make a purchase at WineLibrary.com and make it aware of this notice and discuss how this may impact your account.
• If you call us, at this time it is unlikely we will be able to provide you with any more information than what is contained in this email. Voluminous calls
and emails could prevent us from being able to answer your questions.
• Additionally, per Federal law, you are entitled to a free credit report once a year via https://www.annualcreditreport.com/cra/index.jsp
Please know that we are working hard and doing what we can to resolve this issue and make sure something like this does not happen again. The following is what we know, what we’re doing about it, and what you can expect next.
What we know: When we began hearing from a few customers about possible fraudulent credit card charges in the middle of October, we launched an investigation. At that time, we did not know a data breach had occurred. However, as the number of these concerns increased in early November, we removed all credit card data from our site on November 11th since it became clearer that, although we couldn’t find a breach, something was going on. Last week we confirmed that an IP address from China was used to hack our website and potentially compromised customer credit card information. As far as we can tell, this did not affect any in store transactions.
What we’re doing about it: We are taking this breach very seriously. This is the first time in 15 years of being on the web and, in the 28-year history of our company, that we’ve ever encountered an issue as serious as this. Here’s what we’re doing to make sure it never happens again:
- We already removed all credit card numbers from our website.
- We are accelerating the launch of our new website, which has new and best in class backend security protocols to safeguard against these situations.
On our new website:
o Credit card information will never be stored
o All credit card data will be tokenized through a third party, meaning that even if someone takes the data they can’t do anything with it
o Will continue to use SSL (Secure Socket Layer) protocol to encrypt data
o Will be run on an upgraded system using modern software
- We have an independent forensic investigator looking into the situation to tell us the facts of the breach, to validate our new website protocols, and to tell us
what we can do better moving forward.
- We are notifying all relevant authorities and individuals required by law.
What you can expect next: If it has been confirmed that your data was breached you will receive formal notification in the coming weeks regarding any additional measures you can take.
For future purchases, existing customers can utilize our new website by logging onto WineLibrary.com and clicking the beta link at the top of the page, even though some of the inventory, search capabilities, etc. are still being finalized. We will soon switch to this new site permanently. If you are having trouble using our new website, our current website is no longer storing credit card data at all. If you are not comfortable making purchases via the website, you can always call 888-980-9463.
We cannot stress enough how sorry we are that this happened. We are working as hard as we can, as quickly as we can, and with whatever internal and external resources necessary to ensure this doesn’t happen again and that you all can shop WineLibrary.com without concern.
We know you may have questions or concerns and we are committed to keeping you up to date. However, as discussed above, if you call us, at this time it is unlikely we will be able to provide you with any more information than what is contained in this email. Voluminous calls and emails could prevent us from being able to answer your questions. Instead, we assure you that we will continue to keep you informed via email, our blog and in accordance with any applicable laws. We value your business tremendously and appreciate your support and confidence.
Wine Library | 586 Morris Ave | Springfield, NJ 07081