Geeks.com customer credit card data compromised
Date Reported:
1/7/08
Organization:
Geeks.com - Genica Corporation*
*Geeks.com is a $150 million company specializing in the sale of computer-related excess inventory and manufacturer's closeouts.
Contractor/Consultant/Branch:
None
Victims:
Geeks.com customers
Number Affected:
Unknown
Types of Data:
Names, addresses, telephone numbers, email addresses, credit card numbers, expiration dates, and card verification numbers.
Breach Description:
An undisclosed number of Geeks.com customers have been affected by an apparent breach of the company's online security. Geeks.com reportedly noticed the breach on December 5th, 2007 and began sending letters to customers on January 4th, 2008.
Reference URL:
The Consumerist Story
Computerworld Story
Report Credit:
The Consumerist
Response:
From the online sources cited above:
The purpose of this letter is to notify you that Genica dba Geeks.com ("Genica") recently discovered on December 5, 2007 that customer information, including Visa credit card information, may have been compromised.
In particular, it is possible that an unauthorized person may be in possession of your name, address, telephone number, email address, credit card number, expiration date, and card verification number.
[Evan] Is the storage of the card verification number (or card-validation code) a violation of Visa requirements? Check out Requirement 3.3 (download the Self-Assessment Questionnaire).
We are still investigating the details of this incident, but it appears that an unauthorized individual may have accessed this information by hacking our eCommerce website.
[Evan] But, as the Computerworld story points out, this site is "Hacker Safe". Guess not.

We take this breach of our data seriously, and we deeply regret that this incident has occurred.
We immediately reported this crime to local law enforcement authorities, as well as the Secret Service and other federal authorities. We also reported the incident to Visa.
We have engaged an outside, nationally recognized security firm to determine how this incident occurred and to confirm that information we obtain is protected to the fullest extent reasonably possible.
[Evan] Who?
To protect against possible identity theft or other financial loss, we encourage you to review your Visa credit card account statements and to monitor your credit reports
[Evan] Honestly, if I received the letter (or email) from geeks.com, I would call the bank and cancel my card(s). They will re-issue a credit card with a new number if yours is compromised.
All questions should be directed to 1- or 1- for non-US recipients.
PLEASE NOTE: These numbers will be active beginning on Tuesday, January 9, 2008.
Commentary:
I have my own opinion of course, but do you think that the "Hacker Safe" badge on ecommerce sites offers customers and ecommerce shop owners a false sense of security? I do know that the "Hacker Safe" badge certainly and obviously does not guarantee that your order or personal information is safe. Nothing will.

The Computerworld story has some good commentary on the "Hacker Safe" badge.
I am disappointed that geeks.com stored credit card-validation codes; this is a bad idea.
Past Breaches:
Unknown
