![\"user-pic\"](\"/css/images/default.gif\")
Great, I think I bought stuff from them. After all this mess are you entitled to a free report like when your turned down for credit? I know what annual credit report is but what if I want a report in the next month or so and I'm not eligible for a annual report?
Tuesday is January 8, isn't it? Not the 9th like it says.
![\"user-pic\"](\"http://consumerist.com/assets_c/userpics/userpic-19745-100x100.png\")
Thank god they are \"taking this very seriously\" ! I was really concerned there for a moment.
![\"user-pic\"](\"/mt-static/support/assets_c/userpics/userpic-6536-100x100.png\")
recently discovered on December 5, 2007
Do they mean that they just discovered that the breach happened on December 5th or that they discovered the breach on December 5th and think that over a month ago counts as recent?
Either it took them a month to realize something happened or they waited a month to say something about it.
![\"user-pic\"](\"http://consumerist.com/assets_c/userpics/userpic-62173-100x100.png\")
...but this doesn't stop Consumerist from hawking Geeks.com via Dealhack on the very next blog post!! Whiskey tango foxtrot, Consumerist???
![\"user-pic\"](\"http://consumerist.com/assets_c/userpics/userpic-116946-100x100.png\")
At the very least, they should offer credit monitoring for 6 months to any customer who wants it.
And I can't find anything to remove my information or cancel my account on their site. WTF?
Dammit, merchants are not supposed to store the CVV2 numbers in the same place as the credit card number!!
They knew but why make customers jittery pre-Christmas. Way to put your customers first. Hope that Holiday sales bump was worth it.
I just got off the phone with someone at the 1-888-529-6261 number and he said they don't keep card info on file. He said they only keep names and addresses on file. He sounded like he didn't know anything about the hack either.
Seems like the info hasn't gone down chain of command yet.
@Diana Scott: Yeah, that stood out to me, too.
Wow, really makes you feel good when you entrust your credit information to a group that isn't even clear on what date Tuesday is.
If they really were geeks, this wouldn't have happened.
as of 9:23 est the site still says it is \"Hacker safe\" \"tested daily\"
![\"user-pic\"](\"http://consumerist.com/assets_c/userpics/userpic-257312-100x100.png\")
\"The purpose of this letter is to notify you that Genica dba Geeks.com (\"Genica\") recently discovered on December 5, 2007 that customer information, including Visa credit card information, may have been compromised.\"
I like how they used the word \"compromised\" instead of stolen. \\':'/
LOL, I couldn't stop laughing when I saw the \"Hacker Safe\" button on the upper left hand side of the image.
They keep repeating \"Visa credit cards\" - is that the only type of card this breach affects? That seems unlikely to me somehow.
I bought something from them 2 years ago with a non-Visa card, but they sent the wrong item and returning it was such a pain in the arse that I never went back again. I didn't get the e-mail, but I wonder how far back the stolen data goes.
but but they are \"taking it seriously!!!\"
![\"user-pic\"](\"http://consumerist.com/assets_c/userpics/userpic-172388-100x100.png\")
I just bought something from them, but it was on December 26. Hopefully they got their asses in gear once they noticed the breach instead of lollygagging around like they did with the announcement.
I paid with my Mastercard debit card, not a Visa. Guess I'll go call the bank just in case.
![\"user-pic\"](\"http://consumerist.com/assets_c/userpics/userpic-68654-100x100.png\")
@AT203: it's possible that they aren't storing it. they refer to their web server being hacked...if someone found an exploit in the transaction process, they could glean the info during submittal.
![\"user-pic\"](\"http://consumerist.com/assets_c/userpics/userpic-66824-100x100.png\")
Hmmm, I made a purchase on Geeks within the last year, but I didn't get this email. I used a MC, so I'm wondering if that exempts me. It does seem strange that only one type of card info would have been compromised.
![\"user-pic\"](\"http://consumerist.com/assets_c/userpics/userpic-1523-100x100.png\")
I'm pretty sure I've only used PayPal with Geeks.com, so I should be safe from this.
I have not, however, received the e-mail.
Could this be a hoax? Disgruntled customer doing some media hacking to make Geeks.com look bad?
Hrrm, I bought some stuff from Geeks back in September and the American Express card I used had about $1000 of fraudulent charges over the weekend of December 2-4, when I finally shut the card off. It was an Amex-- they actually wouldn't cancel the card after the first charge, which shocked me, but after seeing more charges I finally got them to cancel it.
So this seems a very interesting/possible explanation as to what happened...
(I should add, I didn't get the email either) I've used them on and off in the last 5 years and have never had a problem. Hrrrm.
I should also add, some of the charges seemed to center in the San Diego area, which is where they are... hrrrm.. inside job?
I also did not get the e-mail.
There's nothing on the Geeks.com website. I've sent an e-mail asking them to confirm.
![\"user-pic\"](\"http://consumerist.com/assets_c/userpics/userpic-69858-100x100.png\")
@manok: Yeah, why isn't this in the \"taking it seriously\" category?
That said, screw 'em. They claim they're hacker-safe, which is obviously a lie. Good thing I never used their service. Now I guess I never will.
I didn't get the email... does anyone know if Paypal information would be compromised???
![\"user-pic\"](\"http://consumerist.com/assets_c/userpics/userpic-126486-100x100.png\")
Is this the point in time where we can finally admit that there is no safe way to use a credit card?
![\"user-pic\"](\"http://consumerist.com/assets_c/userpics/userpic-70968-100x100.png\")
If only there were some segment of the population, obsessed wih computers, who could use their expertise to combat hacking [or target it] at Geeks.com? They should have a word, some piece of popular slang, to identify such people, by which such individuals could become known to the management of the aformentioned Geeks.com.
True or not, I went ahead and put a fraud alert on my credit at Experian.com. Using the fraud alert also came with a free report, and nothing suspicious so far.
Hey i didn't get an email either and I bought something within the past month from them. Geeks has always seemed a tad shady to me to be honest.
![\"user-pic\"](\"http://consumerist.com/assets_c/userpics/userpic-160786-100x100.png\")
Okay, who here did actually receive this email? Maybe this is just a hoax...
![\"user-pic\"](\"http://consumerist.com/assets_c/userpics/userpic-6178-100x100.png\")
@Eric J2: Electric Jewgaloo: A very good idea. I did the same thing and pointed them to this post. The glaring thing I notice is the second phone number is a totally different area code than that of the Geeks.com phone numbers. I don't have long distance on my phone, otherwise I'd just call them...
BTW, I've ordered from them, and haven't gotten the e-mail yet. I do get their daily e-mail, so this should've come in as well...
![\"user-pic\"](\"http://consumerist.com/assets_c/userpics/userpic-53379-100x100.png\")
@mac-phisto: Except they specifically and repeatedly referred to Visa card data, which struck me as strange. I could see, maybe, that they store transactions involving Visa cards separately from others, but if the hackers were intercepting there'd be no separation at that point.
Virtual account numbers rule. I bought something from geeks.com, but I don't give a crap whether someone stole the credit card number, because it was a throwaway card number.
I've got some pretty pictures of the old MBNA (now Bank of America) system here:
[www.douglips.com]
That's good that they came out and emailed people right away, but they really need to call their customers up and let them know. how many people use a throwaway email address when placing orders online? I use one account for purchases that gets spammed to sh*t, and one for my own personal use. I don't check the spam account unless i've placed an order or something.
I have looked at their site but according to my Quicken records, have never brought anything from them. Whew.
I've had to type in the CCV2 number in many credit card purchases. I guess the assumption is that if you didn't have the physical card, then you wouldn't know this number. But as mentioned above, it seems to be common sense that you shouldn't store this number WITH the credit card number. Better yet, I'd rather that companies DON'T store my CC number at all. I'm fine with reentering it when I decide to purchase something again.
Well isn't this just peachy...
This past weekend I've been having fun talking with my Wells Fargo Credit Card people - because I've had 7 fraudulent charges put onto my WF Visa card - the same card I used back in the Spring on 2007 to buy a external HD case from geeks.com.
Might be just a coincidence that my card # gets stolen and geeks.com was hacked in early December, but I am not happy because these two things feel like their going hand-in-hand....also I never received this supposed email.
First and last time I buy from geeks.com
@douglips: i used to use shopsafe all the time. didn't realize it transferred to boa, but i just checked my account & hurrah!
best idea ever.
![\"user-pic\"](\"http://consumerist.com/assets_c/userpics/userpic-113511-100x100.png\")
Sounds like someone should have spent some real money protecting their users and used a real security auditing service like those provided by Qualys.
I have used their free Qualysquard scanner when others have failed. What a joke.
www.qualys.com is where McAfee should look for some help.
LOL
![\"user-pic\"](\"http://consumerist.com/assets_c/userpics/userpic-65544-100x100.png\")
I made a purchase from them in June using a VISA and I have not received an email yet. I'll check with VISA for unusual charges tomorrow, there was nothing on my last bill.
![\"user-pic\"](\"http://consumerist.com/assets_c/userpics/userpic-160557-100x100.png\")
OMFG. I almost bought an HDTV back in November on their website. Lucky for me, Newegg had a slightly better deal which saved my ass.
\"Could this be a hoax? Disgruntled customer doing some media hacking to make Geeks.com look bad?\"
Nope. I'm the person who forwarded the email to Consumerist.com. It's legit.
I wrote a note to Consumerist which I attached to the email from Geeks.com (which they didn't include in this posting) explaining the circumstances. In it I said that we hadn't bought anything from Geeks.com in at least a year. That turns out to be not correct. The last purchase we made from them was in February 2007.
The purchase was made with a Visa debit card, which may account for their mentioning Visa. Why the hack might not affect other credit/debit cards, I have no idea.
Anyway, if you've bought anything from Geeks.com, it's probably a good idea to check with them to make sure everything is cool. As a result of this, we've had to get a new Visa card (Visa was very good about taking the charge off the old card).
The phone number supplied above is pretty well usless. They read you a generic line about 'an unathorized individual gained access to our commerce website'. If you actually have a worthwhile question they are directing you to their legal counsel. Call 312-873-7472.
@Justin42:
Same thing happened to me, I thought my amex info had been \"compromised\" at another site, but I'm pretty sure now that it was from my purchases at geeks.
I used a mastercard at geeks.com a few months ago, read this, and checked my mastercard statement. Sure enough, I had a fraudulent charge from 3 days ago to CCbill.com. I'm calling to cancel the card now.
The question I have is why they never sent me a notice of this theft. Are they really that incompetent?
Count me in on the class action lawsuit.
I contacted geek.com hotline #888-529-6261 and some female told me that only visa card holders are affected by this tragedy. I was very concern about this because i've been a customer since 2001 but I only used MC and AMEX cards, its sad people this doing this craziness I really think that these people need to get a min of 20yrs in jail to set an example!
![\"user-pic\"](\"http://consumerist.com/assets_c/userpics/userpic-33309-100x100.png\")
I CALLED THEM, SPOKE TO A LIVE PERSON.
I did NOT use Visa, it is only Visa cards that are affected (as the e-mail says), I used Paypal and so you're safe w/ that.
I called Geeks.com customer service, listed in their Contact Us section, and actually got through pretty quick. The young lady asked me where I read the article, I told here consumerist.com. She then instructed me to call the phone number listed in this article.
I asked her if she could just confirm that they had been hacked and she paused and said \"I really can't.\" I heard an awlful lot of chatter in the background as well like they might be getting swamped with calls.
I have already cancelled my CC, that I used there, and a new one is on the way. My CC company rep said she didn't see any strange charges pending. So, I may be in the clear. At least they don't have SS#s and Mother's maiden name information.
I purchased a CD player from Geeks.com in February using a VISA. I did not received the above email though the email address is active. I called the 888 number and spoke with a nice CS rep who confirmed the 'compromise' occurred. I asked about the 'verification numbers' and why they were being stored since the PCI standard (credit card company's rules about processing) state the number is not to be retained and used only at the time of processing, but the CS rep did not know. He took my name and number and said someone would follow-up with me.
Aha! Was trying to figure out how someone poached my Visa check card and charged up $2800 at a Bed Bath & Beyond in New Jersey. Happened right before the Holidays. Thanks Geeks.com for keeping me safe! FAIL! Now off to settle things with my bank...
I used a Mastercard with them, and had fraudulent charges starting 1/6/08. So either a HUGE coincidence, or at least some mastercards are affected. I canceled my mastercard.
They are not supposed to store the CVV2 (verification) number with the credit card numbers. They should really be sued for doing this. At minimum, they should lose their merchant account.
I just called them as well, at the number listed on their site. The representative Jimmy told me that you would get an e-mail and a snail-mail if you were one of the people affected. This makes me feel good as I haven't gotten either.
While I'm thinking, and not that it matters, I used a Visa card for at least one of the three transactions. I'm confident in that because none of my banking institutions utilizes MC, just Visa...
Purchased merchandise from Geeks in November of 2006, over $3000 of fraudulent charges appeared on my VISA in August of 2007. The order was placed at Dell in Australia and other merchants. The merchandise was shipped. VISA removed the fraudulent charges and issued a new card. The shipping merchants did not get paid for the fraudulent order. I did not receive a letter or email form Geeks. I will contact their GEEK's legal department and see what they have to say about it.
Might be a coincidence, but I was just contacted by DiscoverCard today. They were asking about a lot of recent charges in the past few days.
I didn't make any of them, Dell, Watches online, shoes place online, and many others.
I was going to contact Geeks this morning when I read this but since it was more than a year ago and wasn't VISA, I didn't worry. I haven't used my DiscoverCard in any new places, so either someplace else was compromised (MacMall, gas station, Buy.com) or this Geek problem effects more than just Visa and for more than a year.
I did call Geeks and they said they are just collecting information right now, and I will be contacted by someone.
There lies the problem of holding credi card information for future use. A lot of online companies don't even give the option whether they can hold creditc card information or not. And even if they have that option, who knows if they follow it or not. When will they ever learn? Probably not until they get sued for a lot more.
I just called them, the lady said approx 650 individuals were affected. It could be higher or lower.
As noted before, I am the person who originally alerted Consumerist to this problem. So far, we haven't gotten the snail mail from them about it, although (obviously) we did get the email.
I'll let you know if and when we get something in the mail from them.
Oh, by the way, shouldn't they be offering something to make up for this? So far, bupkis.
I guess I may be one of the 650 \"victims\", bought from them using my VISA in May 2007. Are there any lawyers on this board? I think a lawsuit is in order here for Geek's incompetence, negligence and the victims headache. Some things I noticed: a)I did not receive any emails or see anything related to the hack on their website. b)Geeks did not notify the incident before so it would not affect their Chrismas sales, despite discovering it December 5, 2007. c)according to Visa, Geeks violated their requirements to store the little code on the back of the credit card (called CVV2 by visa) for any length of time. If that part of the article is correct, the business is not PCI compliant and should loose its merchant account. d)The remediation according to the original post puts the weight on consumers as if it where their fault loosing this vital information. Would appreciate some feedback from someone familiar with legislation.
I definitely was one of the victims. I had charges start showing up a day before this notice came out. $430 at the ATT store and an authorization at iTunes. Looks like they were getting the iphone. I called and told my card company and they removed the charges and canceled my card. Geeks did not notify me directly in any way. I asked them what they were going to do to compensate and I haven't heard back anything.
My visa number was stolen recently. I also had Bed Bath and Beyond charges (also in NJ) on my card along with a $280 purchase from Tiger Direct. Our bank was great and canceled the card and refunded the charges as soon as we notified them. I will never do business with Geeks again. Seems like something should be done since they stored information that they shouldn't have. I did not receive an e-mail from Geeks though. Did all the victims receive an e-mail from them?
I made a few purchases with a Visa this year and recieved no email about this. I haven't noticed any activity but I put the fraud alert on my account and changed my card to be safe.
A friend who used the site had a $500 charge in Thailand as well as a bunch of small charges for online trading sites (the type the do to validate your card before opening an account). He also didn't recieve any email.
Neither of us stored out information on the site for later use. The email indication that it was their eCommerce site leads me to believe it wasn't the stored data but transactional data.
My friend is in the process of contacting them about why he didn't recieve the email either and that he saw charges.
I've been a long time reader of Consumerist, but just registered today so that I could post on this topic. I woke up this morning and logged on my bank's website to find fraudulent charges on my Visa card. I called the company phone numbers listed with the charges and found that someone in Australia had made several purchases with my credit card info. Geeks was my first AND only suspect, because I use other credit cards for everything else, and this one for bill paying (and Geeks).
Geeks.com was my very first online purchase back sometime around 1998 and I've spent 10s of 1000s of $ with them since. I would be satisfied if compensation was nothing more than free credit monitoring. I just went through all this last month with my wife's credit card and a different online retailer, and that was their solution.
I just got an email and a call from my credit card company. Apparently, the bastards tried charging a ticket on Air Arabia. The card company didn't let it go through but it still pisses me off that geeks.com wasn't proactive in calling all it's customers and hid it until after christmas. Last time I ever buy from these assholes.
I'm very upset too. I never recieved a notice from Geeks & had a charge for golf epquipment & WOW accounts in Nov & Dec which falls into their time frame of the breach. When I called they said they couldn't notify those affected because it would impede the law enforcement investagation.. whatever.
And they are not offering to compensate us?? We have to call the CC company (during the holidays) and get new cards and audit or credit histories and do all the leg work for their mistake. I can say I'm really going to look closely and my shopping online given their customer disservice.
I was already dissatisfied with their shipping costs, this is the final straw.
This is unbelievable. I buy stuff from there all the time! I will be pissed off if i see some weird transactions on my card. Lawsuit!!!
___________________________________________________________
KicksOnFire.com - News & Updates on Air Jordan & Jordans
either mcafee makes money in a way that I could (saying a site is 99% safe,and blaming hacks on that 1%)or the hack was done to geeks.com servers or a dumbass inside the companydid it.
Yeah I was a victim of this also, i made my purchase on January 1st and on the very 1st 10 charges where made to my card, thank god bank security called me last night to informe of this, bc i am currently in Dominican Republic, so yeah they just noticed they were hacked, kinda suck but oh well, hope every1 is able to sort out their issues, good luck.
![\"user-pic\"](\"http://consumerist.com/assets_c/userpics/userpic-168836-100x100.png\")
So much for that \"Hacker Safe\" banner on the website.