Originally Posted by IPodPJ
Professional handling? What professional handling?!?!?!!?
1) None of us were notified by e-mail. Luckily someone here on Head-Fi notified us.
2) I never told them to keep my credit card information on file. It should have been deleted the moment after I ordered, as I always re-enter my information when I purchase.
3) I've sent three e-mails to Monoprice customer support and have not received any correspondence whatsoever.
I doubt I'll ever buy from them again.
Let's be honest here. They don't know for sure if they've been compromised yet, they're just being cautious at this point. Most companies would try to cover this incident up and Monoprice instead chose to close their business for several days while an independent auditor looked through their logs- all without knowing if there really was a data breach or not. They even took the time to format and reinstall all of their servers which is expensive and time-consuming.
Yes, they should have deleted your information after the order was complete, and that was a failure on their part. Credit card numbers are often encrypted before even temporary storage but an attacker with root or admin access would have access to the key.
As far as the emails go, do realize that they are committing massive time and resources to sort this out. They're probably being flooded by emails right now asking questions that they don't have answers to as of yet.
Now if they do determine that credit card info was indeed stolen and they do not notify their customers- that would be a problem.
Edit: I have, of course, spent the 5 minutes on the phone to report the card as stolen.