I was surprised to read a news report tonight that Walmart.com had been hacked. Part of my surprise was due to the fact that mainstream media did not have the story but a site called SandhillsExpress.com in Nebraska was reporting it:
Ericka and Mike Hunt of Broken Bow were reviewing their bank account online this week and discovered a charge to Walmart.com for nearly $500.00 that they had not made. The Hunt’s contacted their bank, Wal-Mart’s Corporate Office, the Police Department in the town in Alabama where the order was to be shipped, and the local Police Department in Broken Bow. What they discovered is that someone has hacked in to the Wal-Mart records and stolen card numbers and personal information from several accounts. The Alabama Police Department told the Hunt’s that they were approximately the 15th phone call about the same problem. The Hunts were lucky to catch this problem quickly and were able to cancel the shipment and hope to have their money back soon. They also deleted their Wal-Mart account, which they had not used since last fall and changed passwords on all of their online accounts for precautionary reasons. They asked us to tell their story in hopes that no one else will be affected by this problem. We are awaiting a response from Wal-Mart’s Media Relations Department to get a comment on this issue.
I contacted Walmart tonight, and they promptly sent me the following statement by their spokesperson for eCommerce:
Customer privacy is a top priority to us. We’re aware of this particular matter and are working with the customer to help them resolve the situation. To be clear, there is no indication of an internal security breach of the Walmart.com system or accounts. In these situations, there are unrelated ways that third parties obtain user names and passwords, such as a phishing attack or by planting malware on users’ computers. Even in these situations, the full credit card number is not visible in a customer’s account. When we become aware of these matters, we work immediately with our customers to help them protect their online security.
Reporting that a large e-commerce site has been hacked when it hasn’t been can do unfair reputation harm to the business and make customers leery of shopping online there. I’m not sure how the Hunt’s “discovered” that someone had hacked Walmart’s server, but sometimes 2 + 2= 5.
In the meantime, there’s nothing to see here, so move along.