Genica Corporation dba Geeks.com 1890 Ord Way Oceanside, CA 92056 January 4, 2008[address redacted]
Dear [name redacted]
The purpose of this letter is to notify you that Genica dba Geeks.com ("Genica") recently discovered on December 5, 2007 that customer information, including Visa credit card information, may have been compromised. In particular, it is possible that an unauthorized person may be in possession of your name, address, telephone number, email address, credit card number, expiration date, and card verification number. We are still investigating the details of this incident, but it appears that an unauthorized individual may have accessed this information by hacking our eCommerce website.
We take this breach of our data seriously, and we deeply regret that this incident has occurred. We immediately reported this crime to local law enforcement authorities, as well as the Secret Service and other federal authorities. We also reported the incident to Visa. We have engaged an outside, nationally recognized security firm to determine how this incident occurred and to confirm that information we obtain is protected to the fullest extent reasonably possible.
To protect against possible identity theft or other financial loss, we encourage you to review your Visa credit card account statements and to monitor your credit reports as provided below. To assist you, Genica has taken the following steps:
We have set up a toll-free, call-in number to assist you with questions or concerns you may have related to this incident. All questions should be directed to 1-888-529-6261 or 1-212-560-5108 for non-US recipients.
PLEASE NOTE: These numbers will be active beginning on Tuesday, January 9, 2008.We have provided names and contact information for the three major U.S. credit bureaus below. At no charge, you can have the agency place a "fraud alert" on your file that alerts creditors to take additional steps to verify your identity prior to granting credit in your name. This service can make it more difficult for someone to get credit in your name. Note, however, that because it tells creditors to follow certain procedures to protect you, it also may delay your ability to obtain credit while the agency verifies your identity. As soon as one credit bureau confirms your fraud alert, the others are notified to place fraud alerts on your file. Should you wish to place a fraud alert, or should you have any questions regarding your credit report, please contact any one of the agencies listed below.
Agency Toll-Free Website
Experian 888-397-3742 www.experian.com
Equifax 800-525-6285 www.equifax.com
TransUnion 800-680-7289 www.transunion.comYou are also entitled under U.S. law to one free credit report annually from each of the three major credit bureaus. To order your free credit report, visit www.annualcreditreport.com or call toll-free (877) 322-8228. For additional information on how to further protect yourself against identity theft, you may wish to visit the web site of the U.S. Federal Trade Commission at www.consumer.gov/idtheft, or, for California residents, the web site of the California Office of Privacy Protection at www.privacy.ca.gov.
Again, we deeply regret this incident and any inconvenience or concern it may cause you. We are working diligently to investigate and resolve the matter.
Sincerely,Jerry L. Harken
Chief of Security
Genica Corporation
DBA: Geeks.com
assistance.RemoveThis@geeks.com
I'm very upset too. I never recieved a notice from Geeks & had a charge for golf epquipment & WOW accounts in Nov & Dec which falls into their time frame of the breach. When I called they said they couldn't notify those affected because it would impede the law enforcement investagation.. whatever.
And they are not offering to compensate us?? We have to call the CC company (during the holidays) and get new cards and audit or credit histories and do all the leg work for their mistake. I can say I'm really going to look closely and my shopping online given their customer disservice.
I was already dissatisfied with their shipping costs, this is the final straw.
Geeks.com was my very first online purchase back sometime around 1998 and I've spent 10s of 1000s of $ with them since. I would be satisfied if compensation was nothing more than free credit monitoring. I just went through all this last month with my wife's credit card and a different online retailer, and that was their solution.
]]>I made a few purchases with a Visa this year and recieved no email about this. I haven't noticed any activity but I put the fraud alert on my account and changed my card to be safe.
A friend who used the site had a $500 charge in Thailand as well as a bunch of small charges for online trading sites (the type the do to validate your card before opening an account). He also didn't recieve any email.
Neither of us stored out information on the site for later use. The email indication that it was their eCommerce site leads me to believe it wasn't the stored data but transactional data.
My friend is in the process of contacting them about why he didn't recieve the email either and that he saw charges.
]]>I definitely was one of the victims. I had charges start showing up a day before this notice came out. $430 at the ATT store and an authorization at iTunes. Looks like they were getting the iphone. I called and told my card company and they removed the charges and canceled my card. Geeks did not notify me directly in any way. I asked them what they were going to do to compensate and I haven't heard back anything.
]]>I guess I may be one of the 650 "victims", bought from them using my VISA in May 2007. Are there any lawyers on this board? I think a lawsuit is in order here for Geek's incompetence, negligence and the victims headache. Some things I noticed: a)I did not receive any emails or see anything related to the hack on their website. b)Geeks did not notify the incident before so it would not affect their Chrismas sales, despite discovering it December 5, 2007. c)according to Visa, Geeks violated their requirements to store the little code on the back of the credit card (called CVV2 by visa) for any length of time. If that part of the article is correct, the business is not PCI compliant and should loose its merchant account. d)The remediation according to the original post puts the weight on consumers as if it where their fault loosing this vital information. Would appreciate some feedback from someone familiar with legislation.
]]>I'll let you know if and when we get something in the mail from them.
]]>There lies the problem of holding credi card information for future use. A lot of online companies don't even give the option whether they can hold creditc card information or not. And even if they have that option, who knows if they follow it or not. When will they ever learn? Probably not until they get sued for a lot more.
]]>I was going to contact Geeks this morning when I read this but since it was more than a year ago and wasn't VISA, I didn't worry. I haven't used my DiscoverCard in any new places, so either someplace else was compromised (MacMall, gas station, Buy.com) or this Geek problem effects more than just Visa and for more than a year.
I did call Geeks and they said they are just collecting information right now, and I will be contacted by someone.
]]>They are not supposed to store the CVV2 (verification) number with the credit card numbers. They should really be sued for doing this. At minimum, they should lose their merchant account.
]]>I called Geeks.com customer service, listed in their Contact Us section, and actually got through pretty quick. The young lady asked me where I read the article, I told here consumerist.com. She then instructed me to call the phone number listed in this article.
I asked her if she could just confirm that they had been hacked and she paused and said "I really can't." I heard an awlful lot of chatter in the background as well like they might be getting swamped with calls.
I have already cancelled my CC, that I used there, and a new one is on the way. My CC company rep said she didn't see any strange charges pending. So, I may be in the clear. At least they don't have SS#s and Mother's maiden name information.
]]>I did NOT use Visa, it is only Visa cards that are affected (as the e-mail says), I used Paypal and so you're safe w/ that.
]]>The question I have is why they never sent me a notice of this theft. Are they really that incompetent?
Count me in on the class action lawsuit.
]]>The phone number supplied above is pretty well usless. They read you a generic line about 'an unathorized individual gained access to our commerce website'. If you actually have a worthwhile question they are directing you to their legal counsel. Call 312-873-7472.
]]>Nope. I'm the person who forwarded the email to Consumerist.com. It's legit.
I wrote a note to Consumerist which I attached to the email from Geeks.com (which they didn't include in this posting) explaining the circumstances. In it I said that we hadn't bought anything from Geeks.com in at least a year. That turns out to be not correct. The last purchase we made from them was in February 2007.
The purchase was made with a Visa debit card, which may account for their mentioning Visa. Why the hack might not affect other credit/debit cards, I have no idea.
Anyway, if you've bought anything from Geeks.com, it's probably a good idea to check with them to make sure everything is cool. As a result of this, we've had to get a new Visa card (Visa was very good about taking the charge off the old card).
]]>I have used their free Qualysquard scanner when others have failed. What a joke.
www.qualys.com is where McAfee should look for some help.
LOL
]]>best idea ever.
]]>First and last time I buy from geeks.com
]]>I've had to type in the CCV2 number in many credit card purchases. I guess the assumption is that if you didn't have the physical card, then you wouldn't know this number. But as mentioned above, it seems to be common sense that you shouldn't store this number WITH the credit card number. Better yet, I'd rather that companies DON'T store my CC number at all. I'm fine with reentering it when I decide to purchase something again.
]]>I've got some pretty pictures of the old MBNA (now Bank of America) system here:
[www.douglips.com]
BTW, I've ordered from them, and haven't gotten the e-mail yet. I do get their daily e-mail, so this should've come in as well...
]]>@nffcnnr: I wonder if the DVD player comes with free identity theft.
]]>True or not, I went ahead and put a fraud alert on my credit at Experian.com. Using the fraud alert also came with a free report, and nothing suspicious so far.
]]>Is this the point in time where we can finally admit that there is no safe way to use a credit card?
]]>That said, screw 'em. They claim they're hacker-safe, which is obviously a lie. Good thing I never used their service. Now I guess I never will.
]]>So this seems a very interesting/possible explanation as to what happened...
]]>I have not, however, received the e-mail.
Could this be a hoax? Disgruntled customer doing some media hacking to make Geeks.com look bad?
]]>I paid with my Mastercard debit card, not a Visa. Guess I'll go call the bank just in case.
]]>but but they are "taking it seriously!!!"
]]>I bought something from them 2 years ago with a non-Visa card, but they sent the wrong item and returning it was such a pain in the arse that I never went back again. I didn't get the e-mail, but I wonder how far back the stolen data goes.
]]>I like how they used the word "compromised" instead of stolen. \':'/
]]>as of 9:23 est the site still says it is "Hacker safe" "tested daily"
]]>Wow, really makes you feel good when you entrust your credit information to a group that isn't even clear on what date Tuesday is.
]]>Seems like the info hasn't gone down chain of command yet.
]]>They knew but why make customers jittery pre-Christmas. Way to put your customers first. Hope that Holiday sales bump was worth it.
]]>And I can't find anything to remove my information or cancel my account on their site. WTF?
]]>recently discovered on December 5, 2007
Do they mean that they just discovered that the breach happened on December 5th or that they discovered the breach on December 5th and think that over a month ago counts as recent?
Either it took them a month to realize something happened or they waited a month to say something about it.
]]>Great, I think I bought stuff from them. After all this mess are you entitled to a free report like when your turned down for credit? I know what annual credit report is but what if I want a report in the next month or so and I'm not eligible for a annual report?
]]>So much for that "Hacker Safe" banner on the website.
]]>