Two charges to Root Insurance appeared on my account Tuesday, Feb 4. I went to the branch, got a new debit card, and the charges were reversed Friday 2/7, but it was over $500 “pending” against my account for 3 days. Fortunately at this time that didn’t cause a problem. The only transaction that I used my debit card for, other than a local ATM withdrawal, in 2020 up until 2/4 was to Milan Tobacco. I had a friend, who has the tools and expertise, check their site out and he reported back :
“Dear god
I can't believe I bought a bag of Eso looking at their site code now.
It's some niche ecommerce suite not many people use.
I was reading the code on the checkout page for the credit card widget, way too much of it is browser side.
I can't say for sure it was them, but I would not put any information in that site.”
I was hacked through information left with Peretti 18 months or so ago, and one of the “beneficiaries “ was another auto insurance company, like Root, with an online presence. I actually spoke with one of their fraud investigators, and she told me these hackers apply and pay for a policy on line, then say they don’t want it (many states have a “free look” or recession period) and manage to get a refund of the premium if there isn’t a fraud reported in the interim. I imagine Root Insurance is in the same boat as the company I spoke with.
So,
@shanez is giving solid advice. Milan seems to be more vulnerable than they ought to be, but any site can be hacked.BTW, my branch can now emboss a new debit card right there in the branch, rather than have to wait 7-10 days like I did the last time I was hacked. That tells me something.