ALERT: Hundreds of Lubavitchers and Crown Heights consumers are reporting that their credit cards have been fraudulently used to the tune of hundreds of thousands of dollars.
CrownHeights.info has received dozens of emails in the fast few days alerting us to the breach. One reader reported that his card was used for a purchase of $5,000 in a sports store in Indiana, while others reported small ‘test’ amounts used across the country.
Many have taken to social media to alert others to check their credit card statements and report fraudulent charges.
Some have been speculating as to the source of the breach after it became apparent that most of those victims are either in Crown Heights or Lubavitchers from communities around the United States as well as Canada.
One common denominator seems to have emerged, with many reporting that they have used the crowd funding donation site Charidy. One Facebook user wrote “brand new card compromised, only link is a Charidy donation…”
Charidy in turn issued to following statement on their Facebook page:
Dear Friends and Followers,
In the last 24 hours there have been people in the Brooklyn, Ny area who have been complaining that their cc numbers have been compromised. Many of these people have donated to charidy campaigns, and there is concern that our security has been breached. We have begun an investigation and have so far ascertained that there is no evidence of a breach in our security. Our 3rd party cc processing company has also confirmed that no cards have been compromised on their end. We have also found that a large percentage of people who’s cards have been hacked never donated on the charidy platform. We will be furthering our investigation and will be in touch. Please email firstname.lastname@example.org if you have any further questions.
This mass breach is reminiscent of a similar such occurrence last year where hundreds of credit card numbers have been stolen after shopping at the Marketplace in Crown Heights. The source of that breach was traced to a compromised server in the store.