Arbiter Data Breach

[justacoach]

Quote:

Originally Posted by crosscountry55

Well, I’m pretty discerning, and what I received yesterday did not have any of the classic attributes of a hoax. If it was a hoax, it is by far the most sophisticated I have ever seen.

I’m very confident that what I received yesterday was not the product of a Nigerian prince.


Sent from my iPhone using Tapatalk

And, it was sent to several unique email addresses that were only ever used on their site....

[sdoebler]

It really bothered me that they knew about the data breach in mid July and took almost a month and a half to inform people. Very frustrating

[BillyMac]

I received a USPS "snail mail" from Arbiter today regarding this subject.

Usernames, passwords, names, addresses, birth dates, email addresses, and Social Security numbers were all compromised.

Arbiter paid the hacker's ransom demand to delete the stolen files.

Arbiter suggests that we change our passwords and offered two years of free Experian Identity Works Credit 3B to protect our identities.

[gamefaceref]

Quote:

Originally Posted by BillyMac

I received a USPS "snail mail" from Arbiter today regarding this subject.

Usernames, passwords, names, addresses, birth dates, email addresses, and Social Security numbers were all compromised.

Arbiter paid the hacker's ransom demand to delete the stolen files.

Arbiter suggests that we change our passwords and offered two years of free Experian Identity Works Credit 3B to protect our identities.

My letter says 1 year Experian membership....no an acceptable resolution in my opinion. Should be at least three years, but if you are getting two years for some reason than that reveals other issues that need to be addressed. With all the information they got what is to say that they did not also get our banking information that is on there for payments?

[Nevadaref]

This adds more fuel the my fire in my ongoing dispute with Arbiter over their storage of our SSNs in their system. I object to that and have fought unsuccessfully for years now to be able to remove my personal info during the off-season. In fact, I prefer to only enter my SSN when the treasurer of my group runs payroll or creates the 1099s and then take it back out. The problem is that Arbiter locks the SSN field on the profile page and prevents you from changing or deleting the info therein. Please join me in calling the Arbiter personnel and demanding that we have control over this data and can remove it at will. It is not theirs and they are not our employers.

[sdoebler]

Quote:

Originally Posted by Nevadaref

This adds more fuel the my fire in my ongoing dispute with Arbiter over their storage of our SSNs in their system. I object to that and have fought unsuccessfully for years now to be able to remove my personal info during the off-season. In fact, I prefer to only enter my SSN when the treasurer of my group runs payroll or creates the 1099s and then take it back out. The problem is that Arbiter locks the SSN field on the profile page and prevents you from changing or deleting the info therein. Please join me in calling the Arbiter personnel and demanding that we have control over this data and can remove it at will. It is not theirs and they are not our employers.

I understand why they do it, for ease and integration into Refpay as an upsell. However, as with you I wholeheartidly agree they should not be storing this informatioin in the manner they do.

[sdoebler]

Quote:

Originally Posted by Altor

FWIW, I have a separate bank account that I only use for officiating transactions (makes it easier for end of year accounting). I try to keep the balance low (around $1000...write a check to myself at the end of a season). If you are like me and have no choice but to work with Arbiter, you might consider something similar. At least it limits your exposure.

Quote:

Originally Posted by LRZ

I have a separate savings account for arbiter and several schools that pay by direct deposit. There is a $300 minimum to avoid fees, which is not a problem. Once I get maybe $400-$450 total, I transfer the overage into another account.

Good ideas, I had been considering this idea for taxes and tracking for a while, upset I didn't institure sooner.

[Altor]

Quote:

Originally Posted by gamefaceref

With all the information they got what is to say that they did not also get our banking information that is on there for payments?

A friend called the number to ask this question. The response was that they will get back to him in 3-5 days. It might be best to talk to your bank and see if they suggest you close that account and open a new one.

All the information anybody needs to do an electronic transaction is on a check, so it's not like there isn't plenty of ways for this information to be obtained anyways. But, I don't like the fact that a known bad actor is known to have this information now.

FWIW, I have a separate bank account that I only use for officiating transactions (makes it easier for end of year accounting). I try to keep the balance low (around $1000...write a check to myself at the end of a season). If you are like me and have no choice but to work with Arbiter, you might consider something similar. At least it limits your exposure.

[LRZ]

I have a separate savings account for arbiter and several schools that pay by direct deposit. There is a $300 minimum to avoid fees, which is not a problem. Once I get maybe $400-$450 total, I transfer the overage into another account.

[Zoochy]

Quote:

Originally Posted by BillyMac

I received a USPS "snail mail" from Arbiter today regarding this subject.

Usernames, passwords, names, addresses, birth dates, email addresses, and Social Security numbers were all compromised.

Arbiter paid the hacker's ransom demand to delete the stolen files.

Arbiter suggests that we change our passwords and offered two years of free Experian Identity Works Credit 3B to protect our identities.

I got the same as BillyMac.

Aren't you a detective? Or was just back in 1976?

[BillyMac]

Quote:

Originally Posted by Zoochy

Aren't you a detective?

Hoo-Hoo



BillyMac is a detective down in Texas
You know he knows just exactly what the facts is
He ain't gonna let those two escape justice
He makes his livin' off of the people's taxes

[Stat-Man]

Last month, my Arbiter session for my phone had expired. I had trouble logging back and had to use my desktop session to reset my password. I now wonder if my login issue was related to the breach.

Quote:

Originally Posted by sdoebler

It really bothered me that they knew about the data breach in mid July and took almost a month and a half to inform people. Very frustrating

It's possible that there was an investigation into the breach and that Arbiter LLC had to wait for that to reach the point where they could disclose something definitive about what happened.

At least they notified users. Years ago, Honig's apparently had a breach of their online store data and didn't bother notifying customers. I only found out by chance when I read something online that that a state's attorney general either sued or threaten to sue them over their failure to notify customers from their state. I strongly suspect my card at the time was one of the ones compromised because I bought something from their online store around that time and my card was compromised the next day.

[BillyMac]

Quote:

Originally Posted by Stat-Man

Last month, my Arbiter session for my phone had expired. I had trouble logging back and had to use my desktop session to reset my password.

Same here, I had to reset my password.