The Official Forum  

Go Back   The Official Forum > Basketball

Reply
 
LinkBack Thread Tools Rate Thread Display Modes
  #1 (permalink)  
Old Wed Aug 26, 2020, 11:29pm
Official Forum Member
 
Join Date: Dec 2014
Posts: 1,742
Arbiter Data Breach

Anyone else get the Arbiter data breach notification today? I changed my password and signed up for the offered Experian monitoring.

I recall past discussions about Arbiter’s security vulnerabilities and lax encryption. It would seem the chickens have come home to roost.

If Arbiter was concerned about emerging competition before, that concern must now be quadrupled. It’s not a good time for the boys in Sandy, UT.


Sent from my iPhone using Tapatalk
Reply With Quote
  #2 (permalink)  
Old Thu Aug 27, 2020, 05:17am
Official Forum Member
 
Join Date: Nov 2009
Location: Columbus, OH area
Posts: 18
I received the email also but have been skeptical of its authenticity because of the wording about the involvement of "my child's information". I just haven't taken the time to call or email Arbiter. Here is the first paragraph of the email:
ArbiterSports is committed to protecting the confidentiality of our customers’ information. We are writing to notify you that we recently identified and addressed a data security incident that involved some of your child’s information. This notice provides you with a description of the incident, our response, and the steps you may take.
Reply With Quote
  #3 (permalink)  
Old Thu Aug 27, 2020, 06:53am
LRZ LRZ is offline
Official Forum Member
 
Join Date: Mar 2014
Location: SE PA
Posts: 768
I got the email yesterday, but mine reads "a data security incident that involved some of your information." My guess is the "child's" was just an error by the author of the email, corrected when discovered. But until I'm sure of the email's authenticity, I am not going to share my SSN.
Reply With Quote
  #4 (permalink)  
Old Thu Aug 27, 2020, 07:42am
Official Forum Member
 
Join Date: Dec 2014
Posts: 1,742
Well, I’m pretty discerning, and what I received yesterday did not have any of the classic attributes of a hoax. If it was a hoax, it is by far the most sophisticated I have ever seen.

I’m very confident that what I received yesterday was not the product of a Nigerian prince.


Sent from my iPhone using Tapatalk
Reply With Quote
  #5 (permalink)  
Old Thu Aug 27, 2020, 07:45am
I got a Basketball Jones!
 
Join Date: Dec 2002
Location: Hunger
Posts: 937
Quote:
Originally Posted by crosscountry55 View Post
Well, I’m pretty discerning, and what I received yesterday did not have any of the classic attributes of a hoax. If it was a hoax, it is by far the most sophisticated I have ever seen.

I’m very confident that what I received yesterday was not the product of a Nigerian prince.


Sent from my iPhone using Tapatalk
And, it was sent to several unique email addresses that were only ever used on their site....
__________________
Lah me..
(In honor of Jurassic Ref, R.I.P.)
Reply With Quote
  #6 (permalink)  
Old Thu Aug 27, 2020, 08:46am
Official Forum Member
 
Join Date: Dec 2017
Posts: 295
It really bothered me that they knew about the data breach in mid July and took almost a month and a half to inform people. Very frustrating
Reply With Quote
  #7 (permalink)  
Old Thu Aug 27, 2020, 04:51pm
Esteemed Forum Member
 
Join Date: Aug 2005
Location: Connecticut
Posts: 22,934
Arbiter Breach ...

I received a USPS "snail mail" from Arbiter today regarding this subject.

Usernames, passwords, names, addresses, birth dates, email addresses, and Social Security numbers were all compromised.

Arbiter paid the hacker's ransom demand to delete the stolen files.

Arbiter suggests that we change our passwords and offered two years of free Experian Identity Works Credit 3B to protect our identities.

__________________
"For God so loved the world, that he gave his only begotten Son, that whosoever believeth in him should not perish, but have everlasting life." (John 3:16)

“I was in prison and you came to visit me.” (Matthew 25:36)

Last edited by BillyMac; Thu Aug 27, 2020 at 05:56pm.
Reply With Quote
  #8 (permalink)  
Old Thu Aug 27, 2020, 05:13pm
Statistician/Ref Hybrid
 
Join Date: Feb 2004
Location: 127.0.0.1
Posts: 1,037
Last month, my Arbiter session for my phone had expired. I had trouble logging back and had to use my desktop session to reset my password. I now wonder if my login issue was related to the breach.

Quote:
Originally Posted by sdoebler View Post
It really bothered me that they knew about the data breach in mid July and took almost a month and a half to inform people. Very frustrating
It's possible that there was an investigation into the breach and that Arbiter LLC had to wait for that to reach the point where they could disclose something definitive about what happened.

At least they notified users. Years ago, Honig's apparently had a breach of their online store data and didn't bother notifying customers. I only found out by chance when I read something online that that a state's attorney general either sued or threaten to sue them over their failure to notify customers from their state. I strongly suspect my card at the time was one of the ones compromised because I bought something from their online store around that time and my card was compromised the next day.
__________________
"Be kind whenever possible. It is always possible." – Dalai Lama

The center of attention as the lead & trail. – me
Games officiated: 525 Basketball · 76 Softball · 16 Baseball
Reply With Quote
  #9 (permalink)  
Old Thu Aug 27, 2020, 05:56pm
Esteemed Forum Member
 
Join Date: Aug 2005
Location: Connecticut
Posts: 22,934
Password Reset In July ...

Quote:
Originally Posted by Stat-Man View Post
Last month, my Arbiter session for my phone had expired. I had trouble logging back and had to use my desktop session to reset my password.
Same here, I had to reset my password.
__________________
"For God so loved the world, that he gave his only begotten Son, that whosoever believeth in him should not perish, but have everlasting life." (John 3:16)

“I was in prison and you came to visit me.” (Matthew 25:36)
Reply With Quote
  #10 (permalink)  
Old Thu Aug 27, 2020, 08:48pm
Official Forum Member
 
Join Date: May 2012
Location: Los Angeles, CA
Posts: 10
Experian coverage

Quote:
Originally Posted by BillyMac View Post
I received a USPS "snail mail" from Arbiter today regarding this subject.

Usernames, passwords, names, addresses, birth dates, email addresses, and Social Security numbers were all compromised.

Arbiter paid the hacker's ransom demand to delete the stolen files.

Arbiter suggests that we change our passwords and offered two years of free Experian Identity Works Credit 3B to protect our identities.

My letter says 1 year Experian membership....no an acceptable resolution in my opinion. Should be at least three years, but if you are getting two years for some reason than that reveals other issues that need to be addressed. With all the information they got what is to say that they did not also get our banking information that is on there for payments?

Last edited by gamefaceref; Thu Aug 27, 2020 at 08:50pm.
Reply With Quote
  #11 (permalink)  
Old Thu Aug 27, 2020, 10:08pm
Official Forum Member
 
Join Date: Nov 2002
Posts: 14,994
This adds more fuel the my fire in my ongoing dispute with Arbiter over their storage of our SSNs in their system. I object to that and have fought unsuccessfully for years now to be able to remove my personal info during the off-season. In fact, I prefer to only enter my SSN when the treasurer of my group runs payroll or creates the 1099s and then take it back out. The problem is that Arbiter locks the SSN field on the profile page and prevents you from changing or deleting the info therein. Please join me in calling the Arbiter personnel and demanding that we have control over this data and can remove it at will. It is not theirs and they are not our employers.
Reply With Quote
  #12 (permalink)  
Old Fri Aug 28, 2020, 08:37am
Official Forum Member
 
Join Date: Oct 2007
Posts: 780
Quote:
Originally Posted by gamefaceref View Post
With all the information they got what is to say that they did not also get our banking information that is on there for payments?
A friend called the number to ask this question. The response was that they will get back to him in 3-5 days. It might be best to talk to your bank and see if they suggest you close that account and open a new one.

All the information anybody needs to do an electronic transaction is on a check, so it's not like there isn't plenty of ways for this information to be obtained anyways. But, I don't like the fact that a known bad actor is known to have this information now.

FWIW, I have a separate bank account that I only use for officiating transactions (makes it easier for end of year accounting). I try to keep the balance low (around $1000...write a check to myself at the end of a season). If you are like me and have no choice but to work with Arbiter, you might consider something similar. At least it limits your exposure.
Reply With Quote
  #13 (permalink)  
Old Fri Aug 28, 2020, 09:25am
LRZ LRZ is offline
Official Forum Member
 
Join Date: Mar 2014
Location: SE PA
Posts: 768
I have a separate savings account for arbiter and several schools that pay by direct deposit. There is a $300 minimum to avoid fees, which is not a problem. Once I get maybe $400-$450 total, I transfer the overage into another account.
Reply With Quote
  #14 (permalink)  
Old Fri Aug 28, 2020, 10:58am
Official Forum Member
 
Join Date: Dec 2017
Posts: 295
Quote:
Originally Posted by Nevadaref View Post
This adds more fuel the my fire in my ongoing dispute with Arbiter over their storage of our SSNs in their system. I object to that and have fought unsuccessfully for years now to be able to remove my personal info during the off-season. In fact, I prefer to only enter my SSN when the treasurer of my group runs payroll or creates the 1099s and then take it back out. The problem is that Arbiter locks the SSN field on the profile page and prevents you from changing or deleting the info therein. Please join me in calling the Arbiter personnel and demanding that we have control over this data and can remove it at will. It is not theirs and they are not our employers.
I understand why they do it, for ease and integration into Refpay as an upsell. However, as with you I wholeheartidly agree they should not be storing this informatioin in the manner they do.
Reply With Quote
  #15 (permalink)  
Old Fri Aug 28, 2020, 10:59am
Official Forum Member
 
Join Date: Dec 2017
Posts: 295
Quote:
Originally Posted by Altor View Post

FWIW, I have a separate bank account that I only use for officiating transactions (makes it easier for end of year accounting). I try to keep the balance low (around $1000...write a check to myself at the end of a season). If you are like me and have no choice but to work with Arbiter, you might consider something similar. At least it limits your exposure.
Quote:
Originally Posted by LRZ View Post
I have a separate savings account for arbiter and several schools that pay by direct deposit. There is a $300 minimum to avoid fees, which is not a problem. Once I get maybe $400-$450 total, I transfer the overage into another account.
Good ideas, I had been considering this idea for taxes and tracking for a while, upset I didn't institure sooner.
Reply With Quote
Reply

Bookmarks

Thread Tools
Display Modes Rate This Thread
Rate This Thread:

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is On
Trackbacks are On
Pingbacks are On
Refbacks are On


Similar Threads
Thread Thread Starter Forum Replies Last Post
Arbiter Pay bbman General / Off-Topic 6 Mon Mar 23, 2020 02:07pm
Arbiter, et al JetMetFan Basketball 33 Tue Sep 29, 2015 06:06pm
Electronic Zone Evaluation data. rbmartin Baseball 8 Fri Aug 30, 2013 09:21pm
Violence towards officials---data managment survey. kristal_15 Basketball 9 Tue Nov 15, 2005 02:05pm
Correctable Error: Good Game Mgmt or Breach of Ethics? Blackhawk357 Basketball 20 Fri Mar 07, 2003 11:13pm


All times are GMT -5. The time now is 11:31am.



Search Engine Friendly URLs by vBSEO 3.3.0 RC1