Card fraud

SHADES

Nessie - mmm, not sure.  But they're operating in this country, we're paying for services in this country.   At least we seem to be making progress on informing race organisers about the other side of dealing with Active.com.

barry Taylor 10

Used the company to book Newport, Wales marathon...without warning or explanation 2 bank cards reissued. Fortunately there doesn't appear to be any money taken. Now this information is coming to light and a common link among everyone i know.

SHADES

barry - join us on the FB group as we have a poll listing events where we have entered via active and then had problems with our cards.

Loch Ness marathon have offered me an alternative way of paying my entry fee, if I decide to go next year.  I believe a Glencoe race is also offering runners alternative ways to enter their race. 

legopirate27

Damn... I got caught out on this as well. Recently became a victim of credit card fraud. Didn't know where my information was obtained from, but there are multiple runners I know who have been effected now. Thanks for getting this information together.

SHADES

Active.com have now sent out emails saying that there has been a 'security incident' over a 10 month period, so they've finally admitted that their website is unsafe.   I haven't got a copy to paste on here but will if I can, don't want to paste one with another runners name on.   
I deleted my account but I should still have been sent an email as I used the website in that 10 month period.  I will never use Active.com again and if we all refuse then race directors will take action/

SHADES

Here's a copy of the email

"We are writing to inform you that we recently became aware of a security incident involving the ACTIVE Network, including ACTIVE Works and ACTIVE Endurance (“Active”) which may have impacted your personal information.
What Happened
Active recently identified suspicious activity on one of its systems. We worked with leading cybersecurity firms to determine that the activity related to transactions manually keyed in by users while checking out on the Active website between December of 2016 and September of 2017. During this time period, personal information that you provided as part of the checkout process may have been accessed by unauthorized third parties.
What Information Was Involved
The information may have included your name, address, email address, credit or debit card number, expiration date, and cardholder verification code (the three- or four-digit value included on the front or back of payment cards and used for verification of certain transactions).
What We Are Doing
As soon as Active identified the suspicious activity, it engaged leading cybersecurity firms to investigate the incident and took steps to enhance its monitoring tools and security controls. Active has also taken steps to contain and remediate the incident and is notifying the Information Commissioner’s Office.
What You Can Do
We encourage you to be diligent in watching for unauthorized activity associated with your payment card accounts and to quickly report suspicious activity to your bank or credit card company. The phone number to call is usually on the back of the credit or debit card.
If you suspect potentially fraudulent activity associated with the use of your payment cards or your personal information, you may find it helpful to consult the resources on the National Fraud and Cybercrime Reporting Centre's website, Action Fraud, available here: https://www.actionfraud.police.uk/support_for_you.
For More Information
We apologize for any inconvenience this incident may cause. You may contact us toll-free at 001-800-338-3104, between 12:00pm and 6:00am (UK time), if you have any questions or would like additional information about this incident".

adrian fell

Yes Active have finally responded & it's as disingenuous as they have been throughout.  "we recently became aware"...... except I emailed them many times since November 2017 & they didn't even have the courtesy to reply.

Their email below can be paraphrased thus: "Our security was utterly insufficient.  We got compromised.  We've known about it for months but tried to hush it up.  Now we think we've fixed it we're telling people."


Here is their version:

"We are writing to inform you that we recently became aware of a security incident involving the ACTIVE Network, including ACTIVE Works and ACTIVE Endurance (“Active”) which may have impacted your personal information.

What Happened

Active recently identified suspicious activity on one of its systems. We worked with leading cybersecurity firms to determine that the activity related to transactions manually keyed in by users while checking out on the Active website between December of 2016 and September of 2017. During this time period, personal information that you provided as part of the checkout process may have been accessed by unauthorized third parties.

What Information Was Involved

The information may have included your name, address, email address, credit or debit card number, expiration date, and cardholder verification code (the three- or four-digit value included on the front or back of payment cards and used for verification of certain transactions).

What We Are Doing

As soon as Active identified the suspicious activity, it engaged leading cybersecurity firms to investigate the incident and took steps to enhance its monitoring tools and security controls. Active has also taken steps to contain and remediate the incident and is notifying the Information Commissioner’s Office.

What You Can Do

We encourage you to be diligent in watching for unauthorized activity associated with your payment card accounts and to quickly report suspicious activity to your bank or credit card company. The phone number to call is usually on the back of the credit or debit card.

If you suspect potentially fraudulent activity associated with the use of your payment cards or your personal information, you may find it helpful to consult the resources on the National Fraud and Cybercrime Reporting Centre's website, Action Fraud, available here: https://www.actionfraud.police.uk/support_for_you.

For More Information

We apologize for any inconvenience this incident may cause. You may contact us toll-free at 001-800-338-3104, between 12:00pm and 6:00am (UK time), if you have any questions or would like additional information about this incident".

SHADES

Adrian - I'm forwarding the email to race organisers that I know, they've not been kept informed at all.   They've been told that Active.com is safe 

adrian fell

Good idea. It's the race organizers that need to take action here. Runner's are forced to use Active or not run in any race that uses them otherwise.

SHADES

Adrian - some race organisers are willing to accept entries by other means, we're encouraging runners to ask.

Nessie

I used Active during that time, and haven't had that email - despite having had my credit card cancelled a week before Christmas!

SHADES

I don't think they've sent the email out to everyone that they should have.

Good to see that the press are picking up the story but so far only in Wales 

http://www.southwalesargus.co.uk/news/16109012.Gwent_events_affected_by_security_breach_on_events_website/

http://www.bbc.co.uk/news/uk-wales-43492367

SHADES

Good to see RW have an article on the Active.com credit card fraud

https://www.runnersworld.co.uk/events/credit-card-details-from-runners-potentially-at-risk-in-a-security-breach