AIM Surplus was hacked


PSM
05-01-2016, 23:41
I got a letter Friday that looked like junk mail from AIM Inc. I almost tossed it but decided to open it. It said that they had been hacked and that the images of the driver's licenses of ammo buyers had been compromised.

The AIM Surplus site does not mention it and they did not send emails to buyers. I emailed them and they admitted that it was true and that they were offering 1 year free credit monitoring. That part was in the letter which is what made me think that it was a scam; there was no email address, only a phone number, and the return address on the envelope was PA and not OH.

It seems to be legit, but I'm not happy with the way AIM handled it.

Pat

Badger52
05-03-2016, 18:33
Lovely. Thanks to the VA, OPM & Sony's data repository operation if these were cumulative we'd all have free monitoring* for the rest of our days.


* No not that kind; NSA's gotcha covered already on that.

Mycroft
05-25-2016, 10:42
Yikes!

Ok, here is the bad news. This type of breach is more significant than most online hacks of just credit card numbers or SSNs. How it didn't make headlines is beyond me.

The worse news: Most hackers understand that people get one year of credit monitoring and will let some data like this "cook" for 13 months after a breach notification, at which point the "free" credit monitoring goes away.

The good news: Placing a freeze on your credit reports if you've received one of these letters is really easy and free. The credit report is also the only way of actually significantly decreasing fraud in your name. The only pain point is that you'll have to keep a protocol sheet handy for when you apply for credit lines to call the reporting agency that the credit company you are applying to uses and temporarily unlock your data.

Here is an article from a security researcher that goes into a significant level of detail on why you should really just bite the bullet and get that freeze done:
http://krebsonsecurity.com/2015/06/how-i-learned-to-stop-worrying-and-embrace-the-security-freeze/

Here is another whitepaper (a useful one, not a sales whitepaper) on the same subject (more of the same data, but just in case you wanted a different source):
http://uspirg.org/sites/pirg/files/reports/USPIRGFREEZE_0.pdf

And finally, here is the FTC on the same subject:
https://www.consumer.ftc.gov/articles/0497-credit-freeze-faqs

In summation, take the time to get your credit freeze now and save yourself headache later.

Someone posted a copy of the letter they received online:

Volunteer
10-02-2016, 20:39
Sirs,

You may have been targeted for a phishing job (social engineering). That same text from your notification letter can be found here:

https://www.msgo.com/threads/aim-site-hacked.69831/

Look specifically for a post, on page 1 of 3, dated April 30th with an image referring to Bulk REEF Supply from "TankerHC". Addresses, locations and names claimed have several mismatches it appears.

Regards,
Volunteer

