Jump to content

WHMCS shared our financial transaction information with an unauthorized third party


agentblack

Recommended Posts

Since we can't seem to get any response from WHMCS via a support ticket, their legal department, Web Hosting Talk, or on Twitter, going to post this here for all to be aware of.

On August 23rd, 2023, we were contacted by an unknown to us third party that reported WHMCS in responding to their BBB complaint,  shared a screenshot of a financial transaction that took place between us and WHMCS. This information was not authorized to be disclosed and the information was not for public consumption.  The reporting party provided additional information, including the response from the BBB that included WHMCS's response to provide additional authenticity to the report.  The transaction numbers listed in the screenshot that WHMCS sent to the BBB to respond to the unknown person's complaint matches a transaction that occurred between WHMCS and us in 2021 shortly after they terminated our owned license to the software.

To date, WHMCS has not acknowledged they released our information to this third party, they have not responded to repeated attempts at contact, and other than a generic "we have forwarded this to a manager" response to a support ticket, they have not made any attempts at any meaningful contact.

WHMCS was not and is never authorized to release financial transaction data involving our company and this is just another serious transgression against their customer base.  WHMCS should not be trusted in any form or manner, with any company's sensitive financial records especially if they can't keep your data private.  At the time of this writing, we have filed notices with the Texas Attorney General, Virginia Attorney General, BBB of Texas, IC3, and the Federal Trade Commission.  If a meaningful response is not afforded by WHMCS in thirty days from first contact regarding this issue, additional complaints will be lodged with European and United Kingdom regulators to make them aware of improper customer data handling by a company with a headquarters office in their jurisdiction.

Beware of WHMCS and monitor your sensitive information closely even when you're no longer a customer!

Link to comment
Share on other sites

They released the transaction ID, amount, etc. for a transaction between us and WHMCS to this unknown third party via the third party's complaint to the BBB from over two years ago. They were replying to that person's complaint, but gave away our financial transaction information to that customer.  We have STILL not heard anything from WHMCS, not even an acknowledgement that they are looking into it.

Since they have not responded, we have alerted the Attorney General's for Texas and Virginia to the breach of customer data and privacy violations.  Maybe one of them could prod them into responding.

If they can release a financial transaction between a customer and them, what else are they "accidentally" going to release?

Link to comment
Share on other sites

Update: in response to the ticket that was submitted to these people, they "Escalated" the ticket right to a closed status without providing any answers. Ticket has been reopened.

 

What is WHMCS hiding? Why are they refusing to discuss this breach of our privacy?  Is there an undisclosed breach into their systems? Why are they not communicating to us?

Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...

Important Information

By using this site, you agree to our Terms of Use & Guidelines and understand your posts will initially be pre-moderated