Julep Stroke of Midnight Mystery Box Available Now + COUPON!

I got this in the mail yesterday, I don’t have the products in front of me, but they included:
Rock Star hand crème
Nude lip liner
Light on your lips lipstick in Can-Can (a bright red color)
There were I think maybe 3 or 4 additional nail polishes included.
They forgot to include the clutch but emailed me about it. that will be in a separate shipment.

Did anyone get this box? I want spoilers…(no my credit card info was not stolen but it’s been on file with them over a year)

I have USAA & they’re really on the ball with fraud. I remember when I got a new job & needed a whole new wardrobe, I made a series of large purchases in one day. They called me & were like “Is this you?”

I checked my statement & nothing seems off. If something was, they would have contacted me by now.

Since it seems like I am the only one to get notification in the mail, I thought I would transcribe what the letter says:

“You are receiving this notice to provide information about an incident involving exposure of certain personal information, as well as to receive our apology.

Late on November 8, 2016, we discovered an unauthorized third party hacker gained access to a portion of our website. The hacker was able to divert certain data entered on our website between, approximately, November 6-8, 2016, from our normal tokenized payment data pathway into a pathway created by the hacker.

The hacker was able to divert payment card information such as your card number and other information typically necessary to make a purchase. This appears to have been limited to new customers and existing customers who updated their information.

… (i’m cutting out some rambling about how efficient and lawful Julep has been, it’s just blah blah trying to remedy the situation blah blah reviewing security practices)

… We are offering you complimentary access for 12 months to CSID protector and identity restoration services, offered through CSIdentity Corporation, an Experian-affiliated company…

… In the short term, we advise you to remain vigilent… in the longer term, we encourage you to take advantage of your complimentary access to the CSID services, YOU MUST COMPLETE THE ENROLLMENT PROCESS BY DECEMBER 17, 2017 or you will not be eligible to enroll.

… you may also want to consider contacting the major credit bureaus to place a security freeze on your credit file. …The cost to place and lift a freeze depends on state law…”

And then there’s contact information for all the major credit companies, should you need to reach out.

So basically, you better hope they mail you the form to enroll for services, if you need them, and they aren’t paying for you to put a freeze on your credit card but they suggest you pay for it, and they aren’t refunding the cost of our purchases or anything… Not really much of an “apology” in my book, and definitely too little, too late. The date on the letter was December 9, so this also took them over a month to publish and mail out.

Wow. And not in a good way. One of my credit card providers was hacked. No notification, new card just showed up with a very lame explanation. Now I have to go through what another poster had to do,which a pain in the wax. On a slightly different theme, over the weekend, a second party provider was attempting to sell a glamour mystery box. The tech problem went on for at least 48 hours. I remember thinking that if they can’t get an order page to function, how do I know these people are capable of keeping my data secure? I am considering cutting most of my boxes simply as a security measure. I like boxes, but given a choice between boxes and data security, security wins every time.

Wow, now I’m concerned about my credit card. I haven’t received any notification from Julep. If they are just completely ignoring it and it affected all the cards that were on file I will definitely be cancelling my subscription and not ordering from them again. That’s just irresponsible and bad customer service.

I can’t believe they haven’t contacted me, since I have a card on file with them! I tried to delete the information, but I can’t do it online without adding a new card. :\

I didn’t receive any notification either. I just called to cancel. The customer service rep said that they didn’t have one big hacking event but have had reported issues. She was very helpful and understanding and assisted me in canceling my account and changing my credit card number to XXXXXXXXXXXXXXXX in their system. Evidently they can’t delete it but can make it useless. ???? I don’t know what their database structure is, but if the card is saved for past purchases in case of returns/refunds, I’m not sure how much good that did. I like the Julep business model but the lack of notification of these security issues was too much.

1

I was on the fence about subscribing but definitely will pass now. I ordered a few things from them a while back and was very annoyed that they kept my credit card number right there on the site in my “account information” with no way for me to remove it. I had to call them and have them take it off the site manually. They said I would have to call them to “reactivate” it if I wanted to order again. I take it that means they were still holding on to my number. Now I don’t know if I should be worried or not.

My card was stolen as well. WTF

The hacking is frightening (and annoying). I just signed up two days ago and was already hesitant because I noticed their security didn’t seem very good. Does anyone know if they have resolved their security issues and whether it’s safe to continue? I’m inclined to cancel my subscription and have them delete my info. Not worth the hassle of getting a new credit card :/

I am trying to purchase the mystery box with the free polish coupon code. Once I added the nail polish and then the promo code along with the mystery box I got a credit of 11.20. Then I clicked on checkout and the free polish credit was gone. Then I tried to enter the “freedecember” code again with the message invalid coupon code. So annoying, now I will have to call and hopefully get the credit for the free polish.

HEADS UP: I received a notice in the mail YESTERDAY about how Julep’s website was hacked back on NOVEMBER 8, with the hacker gaining access to purchasing information/credit card #s.

Luckily, the card I used was with Chase, who have an excellent and active team on the lookout for fraud and theft, and while I was out and about with coworkers I received a text from them alerting me that someone had spent $800+ dollars at Ross, and asking if it was me – it wasn’t. So, I got connected with customer service straight away, the charge was declined, and I got a new credit card. It all resolved itself quickly and easily – BUT, I shudder to think what would have happened if I hadn’t gotten that text alert right away, and had to really prove I didn’t make those purchases.

All of this is to say, Julep lost my trust by waiting over a month to inform us of the security breach, and while I appreciate that they are providing identity restoration services to those who need it, I don’t think that makes up for the damage they caused.

Soooooo I will not be purchasing from them again.