If you bought anything from Geeks.com in at least the last year or so, you might want to start paying close attention to your credit card statements—the company sent out an email on Friday telling former customers that they “recently discovered on December 5, 2007 that customer information, including Visa credit card information, may have been compromised.” Full email after the jump.
Genica Corporation
dba Geeks.com
1890 Ord Way
Oceanside, CA 92056
January 4, 2008[address redacted]
Dear [name redacted]
The purpose of this letter is to notify you that Genica dba Geeks.com (“Genica”) recently discovered on December 5, 2007 that customer information, including Visa credit card information, may have been compromised. In particular, it is possible that an unauthorized person may be in possession of your name, address, telephone number, email address, credit card number, expiration date, and card verification number. We are still investigating the details of this incident, but it appears that an unauthorized individual may have accessed this information by hacking our eCommerce website.
We take this breach of our data seriously, and we deeply regret that this incident has occurred. We immediately reported this crime to local law enforcement authorities, as well as the Secret Service and other federal authorities. We also reported the incident to Visa. We have engaged an outside, nationally recognized security firm to determine how this incident occurred and to confirm that information we obtain is protected to the fullest extent reasonably possible.
To protect against possible identity theft or other financial loss, we encourage you to review your Visa credit card account statements and to monitor your credit reports as provided below. To assist you, Genica has taken the following steps:
We have set up a toll-free, call-in number to assist you with questions or concerns you may have related to this incident. All questions should be directed to 1-888-529-6261 or 1-212-560-5108 for non-US recipients.
PLEASE NOTE: These numbers will be active beginning on Tuesday, January 9, 2008.We have provided names and contact information for the three major U.S. credit bureaus below. At no charge, you can have the agency place a “fraud alert” on your file that alerts creditors to take additional steps to verify your identity prior to granting credit in your name. This service can make it more difficult for someone to get credit in your name. Note, however, that because it tells creditors to follow certain procedures to protect you, it also may delay your ability to obtain credit while the agency verifies your identity. As soon as one credit bureau confirms your fraud alert, the others are notified to place fraud alerts on your file. Should you wish to place a fraud alert, or should you have any questions regarding your credit report, please contact any one of the agencies listed below.
Agency Toll-Free Website
Experian 888-397-3742 http://www.experian.com
Equifax 800-525-6285 http://www.equifax.com
TransUnion 800-680-7289 http://www.transunion.comYou are also entitled under U.S. law to one free credit report annually from each of the three major credit bureaus. To order your free credit report, visit http://www.annualcreditreport.com or call toll-free (877) 322-8228. For additional information on how to further protect yourself against identity theft, you may wish to visit the web site of the U.S. Federal Trade Commission at http://www.consumer.gov/idtheft, or, for California residents, the web site of the California Office of Privacy Protection at http://www.privacy.ca.gov.
Again, we deeply regret this incident and any inconvenience or concern it may cause you. We are working diligently to investigate and resolve the matter.
Sincerely,Jerry L. Harken
Chief of Security
Genica Corporation
DBA: Geeks.com
assistance.RemoveThis@geeks.com
(Thanks to Bob!)
More From Consumerist
-
Verizon’s iPhone 5 Math: Using The Same Amount Of Data Faster Counts As More Data
-
Petco Releases Coupon On Internet, Forgets How Internet Works
-
Credit Card Info Hacked At Penn Station Sub Shops
-
LivingSocial Hacked, 50 Million Names, Emails, Birthdates, Encrypted Passwords Accessed
-
Wi-Fi Bug In iPhone 5 Surprises Verizon Customers With Massive Cellular Data Overages
I called Geeks.com customer service, listed in their Contact Us section, and actually got through pretty quick. The young lady asked me where I read the article, I told here consumerist.com. She then instructed me to call the phone number listed in this article.
I asked her if she could just confirm that they had been hacked and she paused and said “I really can’t.” I heard an awlful lot of chatter in the background as well like they might be getting swamped with calls.
I have already cancelled my CC, that I used there, and a new one is on the way. My CC company rep said she didn’t see any strange charges pending. So, I may be in the clear. At least they don’t have SS#s and Mother’s maiden name information.
I purchased a CD player from Geeks.com in February using a VISA. I did not received the above email though the email address is active. I called the 888 number and spoke with a nice CS rep who confirmed the ‘compromise’ occurred. I asked about the ‘verification numbers’ and why they were being stored since the PCI standard (credit card company’s rules about processing) state the number is not to be retained and used only at the time of processing, but the CS rep did not know. He took my name and number and said someone would follow-up with me.
Aha! Was trying to figure out how someone poached my Visa check card and charged up $2800 at a Bed Bath & Beyond in New Jersey. Happened right before the Holidays. Thanks Geeks.com for keeping me safe! FAIL! Now off to settle things with my bank…
I used a Mastercard with them, and had fraudulent charges starting 1/6/08. So either a HUGE coincidence, or at least some mastercards are affected. I canceled my mastercard.
They are not supposed to store the CVV2 (verification) number with the credit card numbers. They should really be sued for doing this. At minimum, they should lose their merchant account.
I just called them as well, at the number listed on their site. The representative Jimmy told me that you would get an e-mail and a snail-mail if you were one of the people affected. This makes me feel good as I haven’t gotten either.
While I’m thinking, and not that it matters, I used a Visa card for at least one of the three transactions. I’m confident in that because none of my banking institutions utilizes MC, just Visa…
Purchased merchandise from Geeks in November of 2006, over $3000 of fraudulent charges appeared on my VISA in August of 2007. The order was placed at Dell in Australia and other merchants. The merchandise was shipped. VISA removed the fraudulent charges and issued a new card. The shipping merchants did not get paid for the fraudulent order. I did not receive a letter or email form Geeks. I will contact their GEEK’s legal department and see what they have to say about it.
Might be a coincidence, but I was just contacted by DiscoverCard today. They were asking about a lot of recent charges in the past few days.
I didn’t make any of them, Dell, Watches online, shoes place online, and many others.
I was going to contact Geeks this morning when I read this but since it was more than a year ago and wasn’t VISA, I didn’t worry. I haven’t used my DiscoverCard in any new places, so either someplace else was compromised (MacMall, gas station, Buy.com) or this Geek problem effects more than just Visa and for more than a year.
I did call Geeks and they said they are just collecting information right now, and I will be contacted by someone.
There lies the problem of holding credi card information for future use. A lot of online companies don’t even give the option whether they can hold creditc card information or not. And even if they have that option, who knows if they follow it or not. When will they ever learn? Probably not until they get sued for a lot more.
I just called them, the lady said approx 650 individuals were affected. It could be higher or lower.
As noted before, I am the person who originally alerted Consumerist to this problem. So far, we haven’t gotten the snail mail from them about it, although (obviously) we did get the email.
I’ll let you know if and when we get something in the mail from them.
Oh, by the way, shouldn’t they be offering something to make up for this? So far, bupkis.
I guess I may be one of the 650 “victims”, bought from them using my VISA in May 2007. Are there any lawyers on this board? I think a lawsuit is in order here for Geek’s incompetence, negligence and the victims headache. Some things I noticed: a)I did not receive any emails or see anything related to the hack on their website. b)Geeks did not notify the incident before so it would not affect their Chrismas sales, despite discovering it December 5, 2007. c)according to Visa, Geeks violated their requirements to store the little code on the back of the credit card (called CVV2 by visa) for any length of time. If that part of the article is correct, the business is not PCI compliant and should loose its merchant account. d)The remediation according to the original post puts the weight on consumers as if it where their fault loosing this vital information. Would appreciate some feedback from someone familiar with legislation.
I definitely was one of the victims. I had charges start showing up a day before this notice came out. $430 at the ATT store and an authorization at iTunes. Looks like they were getting the iphone. I called and told my card company and they removed the charges and canceled my card. Geeks did not notify me directly in any way. I asked them what they were going to do to compensate and I haven’t heard back anything.
My visa number was stolen recently. I also had Bed Bath and Beyond charges (also in NJ) on my card along with a $280 purchase from Tiger Direct. Our bank was great and canceled the card and refunded the charges as soon as we notified them. I will never do business with Geeks again. Seems like something should be done since they stored information that they shouldn’t have. I did not receive an e-mail from Geeks though. Did all the victims receive an e-mail from them?
I made a few purchases with a Visa this year and recieved no email about this. I haven’t noticed any activity but I put the fraud alert on my account and changed my card to be safe.
A friend who used the site had a $500 charge in Thailand as well as a bunch of small charges for online trading sites (the type the do to validate your card before opening an account). He also didn’t recieve any email.
Neither of us stored out information on the site for later use. The email indication that it was their eCommerce site leads me to believe it wasn’t the stored data but transactional data.
My friend is in the process of contacting them about why he didn’t recieve the email either and that he saw charges.
I’ve been a long time reader of Consumerist, but just registered today so that I could post on this topic. I woke up this morning and logged on my bank’s website to find fraudulent charges on my Visa card. I called the company phone numbers listed with the charges and found that someone in Australia had made several purchases with my credit card info. Geeks was my first AND only suspect, because I use other credit cards for everything else, and this one for bill paying (and Geeks).
Geeks.com was my very first online purchase back sometime around 1998 and I’ve spent 10s of 1000s of $ with them since. I would be satisfied if compensation was nothing more than free credit monitoring. I just went through all this last month with my wife’s credit card and a different online retailer, and that was their solution.
I just got an email and a call from my credit card company. Apparently, the bastards tried charging a ticket on Air Arabia. The card company didn’t let it go through but it still pisses me off that geeks.com wasn’t proactive in calling all it’s customers and hid it until after christmas. Last time I ever buy from these assholes.
I’m very upset too. I never recieved a notice from Geeks & had a charge for golf epquipment & WOW accounts in Nov & Dec which falls into their time frame of the breach. When I called they said they couldn’t notify those affected because it would impede the law enforcement investagation.. whatever.
And they are not offering to compensate us?? We have to call the CC company (during the holidays) and get new cards and audit or credit histories and do all the leg work for their mistake. I can say I’m really going to look closely and my shopping online given their customer disservice.
I was already dissatisfied with their shipping costs, this is the final straw.
This is unbelievable. I buy stuff from there all the time! I will be pissed off if i see some weird transactions on my card. Lawsuit!!!
___________________________________________________________
KicksOnFire.com – News & Updates on Air Jordan & Jordans
either mcafee makes money in a way that I could (saying a site is 99% safe,
and blaming hacks on that 1%)
or the hack was done to geeks.com servers or a dumbass inside the company
did it.
Yeah I was a victim of this also, i made my purchase on January 1st and on the very 1st 10 charges where made to my card, thank god bank security called me last night to informe of this, bc i am currently in Dominican Republic, so yeah they just noticed they were hacked, kinda suck but oh well, hope every1 is able to sort out their issues, good luck.