In April of this year, I was walking into a market and glanced down at my phone to see two new emails. I read them only to find out that two really weird looking purchases were made on a credit card sitting in my pocket. I thought "aw crap, someone ran my numbers on some purchases" and I called the credit card company immediately to cancel the card and investigate the two most recent purchases.
Back in 1996, someone ran my ATM/VISA's card numbers halfway around the world for some jewelry purchases that emptied my bank account. Luckily, my bank noticed immediately and refunded the money and canceled the card. In this new case, it looked like someone bought two get-rich-quick ebooks online, but refunds were on their way. It felt like a problem solved enough that I continued my day.
A couple weeks later and I started getting phone calls from people on my private cellphone number and they knew my name. They were selling get-rich-quick systems and they were calling to "set everything up to start making money" because I had "purchased their wealth creation system". I started to freak out a little because running random numbers in credit card scanners is one thing, but knowing my name, credit card number, and private phone number is a heck of a lot worse. I began to freak out a bit. I ordered credit reports and started tracking my credit profile at various agencies. I changed every password on every online service I use and I began to be very cautious about signing up with new services.
I wracked my brain for months trying to figure out how and who might have access to this sensitive information. I spent the last couple years weeding out get-rich-quick scammers from MetaFilter and had sometimes publicly mocked cash gifting scammers in my twitter stream. Perhaps one of the people I banned from my site for spamming had somehow gotten my information?
An epiphany came when I read this news item at Bike Portland about Bike Nashbar's customer database being compromised (which Bike Nashbar did not inform customers of for SEVEN months while the security hole was open). I rarely shop there because they are obnoxious about advertising and send endless home mailers to you. Then I remembered that a set of very specific tires I couldn't find anywhere online for sale I ended up buying through bikenashbar.com late last year. I wondered if maybe I was one of the compromised customers, so I looked up my old credit card records to find the transaction. I looked at the card, and it was the one that emails me on new purchases.
A temporary wave of relief washed over as I finally figured out who my faceless hacker/stalker was that had my personal details: it was some website cracker that broke into Bike Nashbar's webservers and since I canceled the card within minutes of its first use, the nightmare was over.
Or so I thought — It turns out the moment my chargebacks were credited to my account four months later (it's a very long process), it appears each company in the get-rich-quick e-business game sold my information along to try and recoup some of their lost income. As a result, I've been getting 2-3 calls per day from people with various important sounding company names saying they just picked up a card I submitted saying I was interested in the exciting world of work-at-home business. Every time I tell these people it's a mistake and to please remove me, I only hear one thing: a dial tone.
It turns out people in the business of scamming people into thinking they can make thousands of dollars at home doing virtually nothing aren't big on customer service or helping people out.
To make a long story short: Bike Nashbar's poor programming resulted in thousands of credit card, address, name, and phone details getting into the wrong hands and they took months to acknowledge, fix, and notify customers (in my case I was never notified). I will never do business with them again, but I hope anyone reading this heeds the warning as well. Several months later, I'm still living with the daily headaches caused by Bike Nashbar's fuckup over a single purchase made last year and there are thousands of others like me.
Don't ever shop at Bike Nashbar.
Wow, thanks. I had almost the exact same experience (bought something from Bike Nashbar, got fake charges on my card, started getting phone calls), but had no idea it was Bike Nashbar to blame.
I kind of wish I’d read this a week and a half ago before I ordered some shoes from them. But even so, I’ve bought from them numerous times in the past so it’s all moot.
I don’t get why companies think not telling customers about data breaches is a good idea. It burns customers where honesty can win them.
Looks like I need another mail order bike supply company. Performance Bike is decent, any others I should know about?
Performance owns Bike Nashbar. For my own needs, I usually track down parts on eBay. The prices are good as they are often shops selling overstock at well below suggested retail.
I used to buy stuff from them. Few months ago my account was emptied in a series of charges (I was the proud purchaser of an $800 wedding dress, amongst other things, apparently).
I’d subsequently changed addresses and not updated it with Nashbar, but the guy who’s collecting mail from the old address said I got a letter from them saying my details had been stolen, blah blah blah, and to make you feel better here’s a 30% discount coupon for my next purchase with them.
I told him to bin it.
(FWIW, my best ever customer complaint resolution was when I bought a GBP3.00 sandwich from Pret in London. It had a bit of wax paper in it that I bit into – the sort of thing that might separate slices of cheese. Told the manager, he looked horrified and asked for my name and address, and gave me a refund. Few weeks later I get a letter from head office with GBP30 of Virgin Megastore gift cards for my troubles, and a further GBP20 of gift cards for Pret, with a note saying something about hoping I was able to forgive them and find a use for their cards at some point in the future. In summary, their response: “We totally messed up. We’ll buy you something nice at an unrelated store. If you can ever forgive us to come back, the next few visits are on the house.” That’s how you keep customers for life.)
Yes! Come to think of it, my debit card was compromised shortly after doing business with Nashbar…
I agree that the company flaked on security, but why would you ever use an ATM/ Debit card for such things? They offer little protection between thieves and your checking account.
I use American express for everything possible.
I mostly use my ATM/Visa card because I’m lazy and don’t want to just send the money to the CC company the next month and I don’t want to pay any pointless finance charges.
You should send this to consumerist.
My condolences. It is terrible Bike Nashbar did not contact you and worse that you’re still getting calls.
I, too, am a former Bike Nashbar customer. My account was compromised and used to buy whoknowswhat from a shady overseas website. The charges were reversed reasonably quickly, but it took another month for me to receive notification from Bike Nashbar. Fortunately, I have not gotten any unsolicited phone calls.
I am amazed that so many others were affected. Three people just in this one comment thread!? Scary.