The effects of the Fun Pub security breach have finally reached me personally. I woke up a few days ago to see a few password reset attempts at sites that used the same info as my Fun Pub membership. Since I work in IT, I have decent enough personal security practices, so the sites they were able to get into didn't have any financial info stored on them. However they were all sites that have the potential to access stored Credit Card info! iTunes, Amazon, and a few others. Luckily I don't store CC info, with a few exceptions. Based on what is publicly known about what the hackers were able to get from Fun Pub, and my knowledge of how online CC processing works, leads me to believe that Fun Pub was doing it all wrong. So wrong that they should probably have their merchant account dropped because there is no way they were meeting the terms required for processing & storing CC payments online. So wrong in fact, that they may be criminally liable! The major difference between Fun Pubs security breach and the others they reference is that the hackers not only got access to our payment info, BUT our passwords that were linked to that info. The iTunes hacking they so readily refer to, is completely different. The hackers only got access to the iTunes payment gateway, allowing them to make charges to that account. They never once got the actual payment information, or login details because that data is supposed to be encrypted. It would seem that all of our information was stored in a good old plain text database. Which means it wasn't encrypted which I believe is now a federal requirement for sites that are going to store your payment info online. The fact that the hackers got all of our info that was ever used with Fun Pub easily points to the security breach being on their side and not anything to do with their credit card processor. Poll Question: So what do you think is the proper level of repercussions Fun Pub should face as a result of their negligence?