So...Knitpicks, huh?
If you're one of the folks who got burned, this blog right
here has some very helpful information on how to check your various credit reports, state law, and internet security.
Like everybody else in the Knitting 'Verse, I have been a big fan of Knitpicks for years. When my Knitpicks catalogue arrived in the mailbox, I would almost literally squee in delight and race home to check out all the pretties. As a Kromski owner, I was ecstatic when they started carrying their products, and while I have not bought any fiber from KP, I was very happy to see the expansion of their product lines into spinning and weaving.
I have ordered from Knitpicks on multiple occasions, and was always impressed with their customer service (and I am Seriously Picky about customer service, so I do not say this lightly). Shipments were always very fast, arriving well before the expected arrival date, and I never had any complaints at all about the quality of my items.
A good friend of mine has done some designing for Knitpicks, through their Independent Designers program. I was really impressed with the deal KP had with their designers: the artists kept the rights to their designs, a huge amount of support, advertisement online and in the catalogue, etc. Hell, any time my buddy wants free yarn to work on a design, they send it right off! FREE YARN, PEOPLE!!! :D
And then this whole debacle.
Now, I know the website wasn't "hacked". It seems to have been worse than that: private information was left in files on an unsecured server, and the perpetrators basically just helped themselves to folks' credit card numbers. That is bad enough, but it seems that the information theft actually began on December 21st, was not even detected until January 25th. Knitpicks did nothing to alert customers to the possible danger until February 17th. Many people found out about it via Facebook and Ravelry, or their credit card company/bank, rather than from the company they were so fond of.
I just don't get it. I received at least two emails from Knitpicks during this time period, and the theft of credit card numbers was never mentioned. KP claims that snail mail letters have been sent "to those affected", and though I have seen dozens of people talking about this on Rav and FB, noone seems to have received one of these magical letters. The Knitpicks blog post that finally showed up days after the news about the fraud broke seems to be problematic at best. On reading it, it really struck me as a Cover Your Ass post rather than an actual apology or attempt to deal with the situation.
By 'situation' I mean Knitpicks' negligence and disregard for their customer's online safety. No website is 100% safe, any site can get hacked/taken down. That's really not the point. The fact that it took KP a month to even figure out that information had been stolen is very worrying to me; the fact that they took another month to even TELL their customers about it is infuriating.
I love Knitpicks' products. Their yarn is some of my very favorite to work with. I had been saving up money from my Poor Stoodint Budget because I really, really, REALLY wanted a set of Harmony Wood Interchangeables. I had been lusting after those for several years, literally, and had finally started trying to set aside the bucks to get them.
This is probably all a tempest in a teacup. KP will revamp their security system, get their act together, and keep on selling yarn. But I think it will take quite some time before I feel like I really trust them again. I am really disappointed. Yet another large company just pays lip service to the idea of customer care, and when the shit hits the fan, it's not their fault. They didn't know! They really do care, really! No, no, really!
Meanwhile, there's
this: And
this:
And
this and
this.
Nobody has ever died because they couldn't buy some yarn. And I get to choose where I buy it.