To Our Valued Customers

We have received a number of questions in regard to our email of 7/17/14. As you may be aware, SKS Bottle and Packaging, Inc. became aware of unauthorized access to customer payment data for transactions performed at our company's e-Commerce web site. You should remain vigilant for incidents of fraud and identity theft by regularly reviewing your company's corporate bank account statements. If you discover any suspicious or unusual activity on your statements or suspect fraud, you should report it immediately to your financial institutions. You may also wish to contact the Federal Trade Commission or local law enforcement to report incidents of identity theft. The FTC can be reached at 1-877-IDTHEFT (438-4338). Below are some of the most frequently asked questions SKS has received to date. We hope that you find this additional information helpful. We may continue to provide updates as more information becomes available from the ongoing investigation.

• Q. Why am I receiving this information now?
• A. At this time, we have log indications of traffic originating from the attackers beginning in September of 2013. This is not to say that is when SKS knew about the potential breach. SKS Bottle and Packaging learned of the breach only recently. We performed initial investigations to confirm the compromise and promptly notified customers on 7/17/14. However, we have not yet been able to confirm if this is how early payment card information had been compromised. At this time, we are providing the dates as we learn them. Once we have a more concrete time line, we will update all customers at that time.
• Q. Has my information been stolen?
• A. The investigation is still ongoing and we do not have sufficient information on whose payment card information might have been stolen. However, we suggest that all customers review their financial statements and alert their financial institution to any suspicious transactions.
• Q. Is it only Visa cards that may be involved?
• A. Visa was notified because the Cardholder Information Security Program (CISP) is a Visa program. In 2004, the CISP requirements were incorporated into an industry standard known as Payment Card Industry (PCI) Data Security Standard (DSS) resulting from a cooperative effort between Visa and MasterCard to create common industry security requirements. Visa, however, continues to manage all data security compliance enforcement and validation initiatives. Because Visa mandates certain timelines and notification procedures, this is why Visa was notified. This is not to say that Visa is the only credit card type compromised as part of this breach. At this time, what we do know is that any credit card used on the www.sks-bottle.com web site during the September 2013-July 2014 time frame has been provided to our Merchant Bank and Visa as having been potentially compromised.
• Q. Is it safe to place new orders on our website?
• A. At this time, we have not seen any indications that the new www.sks-bottle.com web site and server have been compromised and believe it is now safe to process credit cards on that server. As an alternative, customers are welcome to call our Inside Sales Department and process orders over the telephone.
• Q. Why is SKS storing personal information?
• A. We have historically never stored payment card information on our servers. However, we believe that the hackers who infiltrated our server turned on a feature within our e-Commerce application that caused it to begin writing payment card data to a database, where it was then extracted. This was not a default setting nor deployed in this manner by SKS Bottle and Packaging. Immediately following identification of the breach, we disabled this function and payment card information is not being stored in our systems.