(Memphis) A Mid-South woman's bank accounts were drained after a hacker accessed her online shopping information on walmart.com.
Colli Bounds, who last purchased Christmas gifts on the site in December, said she received several e-mails Monday night thanking her for her purchases.
There were several graphics cards purchased, totaling $3,198, to be shipped to a small town in Georgia.
"I made the mistake of thinking it could never happen to me. My password was eight characters, and a mixture of letters and numbers," Bounds said.
Because her checking and savings accounts were linked, the purchases wiped both accounts clean.
"I can’t buy a gallon of milk, because I have nothing," she said.
Within 20 minutes of receiving the first emails, she went online to cancel the orders. Since Walmart's customer service line wouldn't be open until the morning, she called the next day.
"She promised me that they would not be shipped out. I would not be charged. Tuesday evening, I received the first of four emails telling me my order had been shipped."
A Walmart spokesman said that five orders were placed. One order was stopped, while four others were probably too far along to cancel.
Bounds said that the tracking information showed the four packages shipped out of the warehouse at least four hours after her phone conversation with the customer service representative.
In a statement, a Walmart spokesman said:
"Customer privacy is a top priority to us. There are sometimes individual cases when we learn that someone has gained unauthorized access to a customer’s login information. To be clear, there is no indication of a breach of Walmart.com systems. In these situations, there are unrelated ways that third parties obtain user names and passwords, such as a phishing attack or by planting malware on users’ computers. Even in these cases, if someone is able to login to an account, the full credit card number is not visible. When we become aware of these matters, we work immediately with our customers to help them protect their online security."
The company locked the account, though Bound had already taken steps to change her password and delete stored card information.
Walmart also advised talking to the bank that issued the debit card. SunTrust told Bounds they would take about 10 days to investigate whether they could restore the money.
"I feel like I haven’t slept all week. I realize that it’s probably a bit over-dramatic to some people, but because it’s happening to me, it’s hard."
She became even more frustrated when she posted about her experience on a Walmart Facebook page. She was told to report the issue but was given a broken link. When she sent an email, a response came back with a phone number she'd already called.
Bounds said she told them about the felony in progress.
"They were notified of this. And they did nothing, nothing to stop it. And they seem like they just didn’t care. Like I was one person out of 20 million shoppers that they had."
Collie Bounds has filed reports with several law enforcement agencies, including the FBI, since the items were shipped across state lines.
She is now advising her friends to change their online passwords often, and to delete any card information used online.
Even though she doesn't remember saving her card information with Walmart, she said every card she had ever used to purchase an item on the site showed up.