I found the quote from his vendor profile and I'd like to post it here: So, I guess it's safe to assume whoever placed orders while the account was under the control of the scammer did so without encrypting their information. I guessed as much before based on some buyers not being willing to learn PGP, but now that I read that on his profile, it's even more frustrating because ALBION SHOULD KNOW BETTER. ALL VENDORS SHOULD KNOW BETTER! All vendors should know how to use PGP for their own protection and for the safety of their customers. There is absolutely NO excuse for not knowing how to use PGP when you're a vendor handling people's sensitive information. To go so far as to almost even DISCOURAGE buyers from using PGP is simply reckless.