Dear Customer

We are very sorry to have to tell you that a number of customers who have used our website have had their card details stolen and used by criminals.

ALL CUSTOMERS THAT HAVE ENTERED CARD NUMBERS ON OUR NEW WEBSITE PLEASE CHECK YOUR ACCOUNTS FOR SUSPICIOUS CHARGES OR ATTEMPTED CHARGES.
If you see any please contact your company that issued your card.

At the moment no one is sure how this has happened. There are several internet security firms investigating everything and we will keep you all updated as soon as we can.

There is no sign of any intrusion into the server where the card number and expiry date information that we keep is encrypted*. The CVV number is not stored.

After looking at the information we have received we think this mainly affects some customers who have sent us an order in the last 2 weeks though there are 3 from September.

We have been contacted by about 40 customers so far but are not sure how many others have had their cards compromised but have not told us yet. If you know your card has been compromised PLEASE tell us. Please send us as much information as you can as soon as you can. We need as much information as soon as possible.

Please look out for small 'insignificant' test charges of under $5.00 followed by larger charges of varying amounts. Charges have originated from different countries and in different currencies.

Until we have found out what has caused this problem and it has been fixed we have closed the website. None of the experts can find any problems with it but until the problem is resolved we prefer not to take any risks.

We have deleted ALL card numbers from the website database. We are aware that a few of you wanted access so you could delete your details but we have done this for everyone.

Paypal. We have been asked why we do not accept it. There are 2 reasons. Firstly when we started work on the new website 4 (four) years ago we could not get it to work with the fully stock controlled warehouse that we wanted to run. We did some trials but it took too long for payments arrive in our bank account which would seriously have delayed the despatch of orders. Things have now improved. Secondly it was too expensive. 3 times the cost of handling Visa and Mastercard. All our payments are now handled by Sage pay, a large British firm. Recently they have started working with Paypal and our website designers had been doing some work to incorporate it into the website. We are going to speed up the work on this and try to get it incorporated quicker.

We will re-open the website as soon as we can but will not be rushing into it.

Thank you for your help and understanding.

ALL CUSTOMERS THAT HAVE ENTERED CARD NUMBERS ON OUR NEW WEBSITE PLEASE CHECK YOUR ACCOUNTS FOR SUSPICIOUS CHARGES OR ATTEMPTED CHARGES.
If you see any please contact your company that issued your card.

* This data is stored so that customers do not have to enter it each time they order and so that we can run a back order service.

Dear Customer,

Investigations are still on-going but so far no problem area or trace of illegal entry can be found anywhere. How the card numbers were taken is still a mystery. Two firms are still looking at everything and we hope to have their reports in soon. For now we are still not prepared to fully re-open the website.

We have PARTIALLY re-opened the website. We have done this so you can check that we are telling the truth that the card details have been removed and so that you can use all the other parts of the site. We suggest that while you are logged in you also check any items that are on back order and/or in your cart and adjust as required.

Currently you cannot enter new card details at this time or send orders to us but most other facilities are still operating as usual.

We have temporarily stopped sending out back orders just in case sending the data that goes with ordering is where the problem is. We have been told that it is encrypted everywhere and is not a problem area so now we do not think it is but we need to be certain.

TELFORD SHOW ORDERS. To send us an order for collection at the show please add a Collect from show address with your name on as usual, add what you want to buy to your cart as before BUT then email us to say it is there in your cart. We will then download it and have it ready for collection and payment at the show. You do not pay until you collect so we do not need any payment now.

MAILORDERS. WE CAN NOW ACCEPT ORDERS THIS WAY... Please put your order in the cart as normal then TELEPHONE or FAX us with your card details. We will then download your order and attach the card details to the order. We will then be able to process your order. Our email is not secure so we cannot recommend you send your card details that way.

Please be aware that the cart only 'remembers' items if they are actually saved in the cart. Items in the Quick Order only do not get saved.

We will email more information as soon as we can. Quite a few customers have told us that they are on the emailing (Hot News) list but have not received an email from us. We think this is because they are being stopped as spam. Mostly the customers are with Hotmail, Yahoo, AOL and of course BT. If you can pass our emails to any of your modelling friends please do.

Everyone at Hannants would like to say a massive 'thank you' for the emails, and phone calls of support, help and encouragement you have sent us. With the exception of about 8 people your support has been fantastic.

Congratulations should also go to the worlds banking system who seem to have spotted and stopped the majority of the charges before they got to the customer.

Best regards

Hannants

Dear Customer,

Two of the investigations into our problem and have come back but failed to find anything significant.

We have analysed a lot (but not all yet) of the information our customers have sent us. We can confidently say that no information was captured as orders were transmitted. This means that we should be able to re-open the website quite quickly.

However it does mean that we still do not know how the data was accessed and so have to recommend that anyone who registered their card details on the NEW website CANCEL the card with their bank. We realise this is annoying, irritating, time consuming and inconvenient but we think it is the safest thing to do under these circumstances.


PLEASE CANCEL ANY CREDIT OR DEBIT CARD THAT WAS REGISTERED ON OUR NEW WEBSITE. (registered on or after March 23rd 2010)


We will re-open as soon as possible with a new system that does not remember the card details. This will be annoying for our customers who order regularly and will not want to enter their card details each time but we think it is the best way to go at the moment.

This will mean that we will not be able to automatically send any back orders. We will NOT be cancelling any back orders and will send you all revised Back Order details as soon as we have decided on the best way to handle them. For the moment you can add any available items to your cart and then phone or fax your card details through. Then we can download the order from your cart and attach the card details. We will charge and despatch as soon as we can.


TELFORD SHOW ORDERS. To send us an order for collection at the show please add a Collect from show address with your name on as usual. Add what you want to buy to your cart as before BUT then email us to say it is there in your cart. We will then download it and have it ready for collection and payment at the show. You do not pay until you collect so we do not need any payment now. The country in the delivery address should be Collect from show NOT United Kingdom or any other country.

MAILORDERS. WE CAN NOW ACCEPT ORDERS THIS WAY. BUT ONLY THIS WAY PLEASE. Please put your order in the cart as normal then TELEPHONE or FAX us with your card details. We will then download your order and attach the card details to the order. We will then be able to process your order. Our email is not secure so we cannot recommend you send your card details that way though we know a lot of you will.

PLEASE DO NOT PHONE OR FAX OR POST YOUR ORDERS TO US AT THE MOMENT. WE ARE GRATEFUL FOR FOR YOUR ORDERS BUT CANNOT LOAD THEM TO THE WEBSITE AS QUICKLY AS YOU CAN.

We are sending this email via 2 methods so as to try and get it delivered. We apologise if you receive it twice.

We are still receiving immense amounts of support and help and we thank you all for it.

Best regards

Hannants.

Congratulations should also go to the worlds banking system who seem to have spotted and stopped the majority of the charges before they got to the customer.

Best regards

Hannants