On February 18, MyPlane, dba MyPilotStore.com, discovered that their database containing their customers’ names, addresses, telephone numbers, e-mail addresses, and credit card information had been hacked. According to the firm, some customers received a “nominal fake charge to their credit card by a company not associated with us.”
By letter dated March 19, MyPilotStore notified the New Hampshire Attorney General’s Office of the steps they had taken upon discovery of the breach, including immediately notifying their merchant bank, Wells Fargo, as well as the major card issuers and the Secret Service office in Arizona.
Corbin Glowacki, the firm’s founder and President stated that based on the firm’s investigation, they do not believe that the breach was widespread and that it was limited to a “small number of customers.”
Somewhat oddly, Glowacki attempted to reassure those notified by pointing out that CCV data were not involved in the breach, “therefore making it highly unlikely it can be used for identity theft.” Since the hackers had already misused the information enough to run at least a micro-scam or test on the card numbers, such reassurances combined with advice to the customers to check their credit card statements seems somewhat overly reassuring to this blogger.
No mention was made in the notification of any free services being offered to customers to assist them, and it is not clear whether a different letter was sent to those whose card numbers were actually misused advising them to cancel their cards and/or offering them any free services.