If you bought anything from Geeks.com in at least the last year or so, you might want to start paying close attention to your credit card statements—the company sent out an email on Friday telling former customers that they "recently discovered on December 5, 2007 that customer information, including Visa credit card information, may have been compromised." Full email after the jump.
Genica Corporation dba Geeks.com
1890 Ord Way
Oceanside, CA 92056
January 4, 2008
[address redacted]
Dear [name redacted]
The purpose of this letter is to notify you that Genica dba Geeks.com ("Genica") recently discovered on December 5, 2007 that customer information, including Visa credit card information, may have been compromised. In particular, it is possible that an unauthorized person may be in possession of your name, address, telephone number, email address, credit card number, expiration date, and card verification number. We are still investigating the details of this incident, but it appears that an unauthorized individual may have accessed this information by hacking our eCommerce website.
We take this breach of our data seriously, and we deeply regret that this incident has occurred. We immediately reported this crime to local law enforcement authorities, as well as the Secret Service and other federal authorities. We also reported the incident to Visa. We have engaged an outside, nationally recognized security firm to determine how this incident occurred and to confirm that information we obtain is protected to the fullest extent reasonably possible.
To protect against possible identity theft or other financial loss, we encourage you to review your Visa credit card account statements and to monitor your credit reports as provided below. To assist you, Genica has taken the following steps:
We have set up a toll-free, call-in number to assist you with questions or concerns you may have related to this incident. All questions should be directed to 1-888-529-6261 or 1-212-560-5108 for non-US recipients.
PLEASE NOTE: These numbers will be active beginning on Tuesday, January 9, 2008.
We have provided names and contact information for the three major U.S. credit bureaus below. At no charge, you can have the agency place a "fraud alert" on your file that alerts creditors to take additional steps to verify your identity prior to granting credit in your name. This service can make it more difficult for someone to get credit in your name. Note, however, that because it tells creditors to follow certain procedures to protect you, it also may delay your ability to obtain credit while the agency verifies your identity. As soon as one credit bureau confirms your fraud alert, the others are notified to place fraud alerts on your file. Should you wish to place a fraud alert, or should you have any questions regarding your credit report, please contact any one of the agencies listed below.
Agency Toll-Free Website
Experian 888-397-3742 www.experian.com
Equifax 800-525-6285 www.equifax.com
TransUnion 800-680-7289 www.transunion.com
You are also entitled under U.S. law to one free credit report annually from each of the three major credit bureaus. To order your free credit report, visit www.annualcreditreport.com or call toll-free (877) 322-8228. For additional information on how to further protect yourself against identity theft, you may wish to visit the web site of the U.S. Federal Trade Commission at www.consumer.gov/idtheft, or, for California residents, the web site of the California Office of Privacy Protection at www.privacy.ca.gov.
Again, we deeply regret this incident and any inconvenience or concern it may cause you. We are working diligently to investigate and resolve the matter.
Sincerely,
Jerry L. Harken
Chief of Security
Genica Corporation
DBA: Geeks.com
assistance.RemoveThis@geeks.com
(Thanks to Bob!)
Comments
So much for that "Hacker Safe" banner on the website.
Great, I think I bought stuff from them. After all this mess are you entitled to a free report like when you're turned down for credit? I know what annual credit report is but what if I want a report in the next month or so and I'm not eligible for an annual report?
Tuesday is January 8, isn't it? Not the 9th like it says.
Thank god they are "taking this very seriously"! I was really concerned there for a moment.
Do they mean that they just discovered that the breach happened on December 5th or that they discovered the breach on December 5th and think that over a month ago counts as recent?
Either it took them a month to realize something happened or they waited a month to say something about it.
...but this doesn't stop Consumerist from hawking Geeks.com via Dealhack on the very next blog post!! Whiskey tango foxtrot, Consumerist???
At the very least, they should offer credit monitoring for 6 months to any customer who wants it.
And I can't find anything to remove my information or cancel my account on their site. WTF?
Dammit, merchants are not supposed to store the CVV2 numbers in the same place as the credit card number!!
They knew but why make customers jittery pre-Christmas. Way to put your customers first. Hope that Holiday sales bump was worth it.
I just got off the phone with someone at the 1-888-529-6261 number and he said they don't keep card info on file. He said they only keep names and addresses on file. He sounded like he didn't know anything about the hack either.
Seems like the info hasn't gone down chain of command yet.
@Diana Scott: Yeah, that stood out to me, too.
Wow, really makes you feel good when you entrust your credit information to a group that isn't even clear on what date Tuesday is.
If they really were geeks, this wouldn't have happened.
as of 9:23 est the site still says it is "Hacker safe" "tested daily"
"The purpose of this letter is to notify you that Genica dba Geeks.com ("Genica") recently discovered on December 5, 2007 that customer information, including Visa credit card information, may have been compromised."
I like how they used the word "compromised" instead of stolen. \':'/
LOL, I couldn't stop laughing when I saw the "Hacker Safe" button on the upper left hand side of the image.
They keep repeating "Visa credit cards" - is that the only type of card this breach affects? That seems unlikely to me somehow.
I bought something from them 2 years ago with a non-Visa card, but they sent the wrong item and returning it was such a pain in the arse that I never went back again. I didn't get the e-mail, but I wonder how far back the stolen data goes.
but but they are "taking it seriously!!!"
I just bought something from them, but it was on December 26. Hopefully they got their asses in gear once they noticed the breach instead of lollygagging around like they did with the announcement.
I paid with my Mastercard debit card, not a Visa. Guess I'll go call the bank just in case.
@AT203: it's possible that they aren't storing it. they refer to their web server being hacked...if someone found an exploit in the transaction process, they could glean the info during submittal.
Hmmm, I made a purchase on Geeks within the last year, but I didn't get this email. I used a MC, so I'm wondering if that exempts me. It does seem strange that only one type of card info would have been compromised.
I'm pretty sure I've only used PayPal with Geeks.com, so I should be safe from this.
I have not, however, received the e-mail.
Could this be a hoax? Disgruntled customer doing some media hacking to make Geeks.com look bad?
Hrrm, I bought some stuff from Geeks back in September and the American Express card I used had about $1000 of fraudulent charges over the weekend of December 2-4, when I finally shut the card off. It was an Amex-- they actually wouldn't cancel the card after the first charge, which shocked me, but after seeing more charges I finally got them to cancel it.
So this seems a very interesting/possible explanation as to what happened...
(I should add, I didn't get the email either) I've used them on and off in the last 5 years and have never had a problem. Hrrrm.
I should also add, some of the charges seemed to center in the San Diego area, which is where they are... hrrrm.. inside job?
I also did not get the e-mail.
There's nothing on the Geeks.com website. I've sent an e-mail asking them to confirm.
@manok: Yeah, why isn't this in the "taking it seriously" category?
That said, screw 'em. They claim they're hacker-safe, which is obviously a lie. Good thing I never used their service. Now I guess I never will.
I didn't get the email... does anyone know if Paypal information would be compromised???
Is this the point in time where we can finally admit that there is no safe way to use a credit card?
If only there were some segment of the population, obsessed with computers, who could use their expertise to combat hacking [or target it] at Geeks.com? They should have a word, some piece of popular slang, to identify such people, by which such individuals could become known to the management of the aforementioned Geeks.com.
True or not, I went ahead and put a fraud alert on my credit at Experian.com. Using the fraud alert also came with a free report, and nothing suspicious so far.
Hey i didn't get an email either and I bought something within the past month from them. Geeks has always seemed a tad shady to me to be honest.
@nffcnnr: I wonder if the DVD player comes with free identity theft.
Okay, who here did actually receive this email? Maybe this is just a hoax...
@Eric J2: Electric Jewgaloo: A very good idea. I did the same thing and pointed them to this post. The glaring thing I notice is the second phone number is a totally different area code than that of the Geeks.com phone numbers. I don't have long distance on my phone, otherwise I'd just call them...
BTW, I've ordered from them, and haven't gotten the e-mail yet. I do get their daily e-mail, so this should've come in as well...
@mac-phisto: Except they specifically and repeatedly referred to Visa card data, which struck me as strange. I could see, maybe, that they store transactions involving Visa cards separately from others, but if the hackers were intercepting there'd be no separation at that point.
Virtual account numbers rule. I bought something from geeks.com, but I don't give a crap whether someone stole the credit card number, because it was a throwaway card number.
I've got some pretty pictures of the old MBNA (now Bank of America) system here:
[www.douglips.com]
That's good that they came out and emailed people right away, but they really need to call their customers up and let them know. how many people use a throwaway email address when placing orders online? I use one account for purchases that gets spammed to sh*t, and one for my own personal use. I don't check the spam account unless i've placed an order or something.
I have looked at their site but according to my Quicken records, have never bought anything from them. Whew.
I've had to type in the CCV2 number in many credit card purchases. I guess the assumption is that if you didn't have the physical card, then you wouldn't know this number. But as mentioned above, it seems to be common sense that you shouldn't store this number WITH the credit card number. Better yet, I'd rather that companies DON'T store my CC number at all. I'm fine with reentering it when I decide to purchase something again.
Well isn't this just peachy...
This past weekend I've been having fun talking with my Wells Fargo Credit Card people - because I've had 7 fraudulent charges put onto my WF Visa card - the same card I used back in the Spring of 2007 to buy an external HD case from geeks.com.
Might be just a coincidence that my card # gets stolen and geeks.com was hacked in early December, but I am not happy because these two things feel like they're going hand-in-hand... also I never received this supposed email.
First and last time I buy from geeks.com
@douglips: i used to use shopsafe all the time. didn't realize it transferred to boa, but i just checked my account & hurrah!
best idea ever.
Sounds like someone should have spent some real money protecting their users and used a real security auditing service like those provided by Qualys.
I have used their free QualysGuard scanner when others have failed. What a joke.
www.qualys.com is where McAfee should look for some help.
LOL
I made a purchase from them in June using a VISA and I have not received an email yet. I'll check with VISA for unusual charges tomorrow, there was nothing on my last bill.
OMFG. I almost bought an HDTV back in November on their website. Lucky for me, Newegg had a slightly better deal which saved my ass.
"Could this be a hoax? Disgruntled customer doing some media hacking to make Geeks.com look bad?"
Nope. I'm the person who forwarded the email to Consumerist.com. It's legit.
I wrote a note to Consumerist which I attached to the email from Geeks.com (which they didn't include in this posting) explaining the circumstances. In it I said that we hadn't bought anything from Geeks.com in at least a year. That turns out to be not correct. The last purchase we made from them was in February 2007.
The purchase was made with a Visa debit card, which may account for their mentioning Visa. Why the hack might not affect other credit/debit cards, I have no idea.
Anyway, if you've bought anything from Geeks.com, it's probably a good idea to check with them to make sure everything is cool. As a result of this, we've had to get a new Visa card (Visa was very good about taking the charge off the old card).
The phone number supplied above is pretty well useless. They read you a generic line about 'an unauthorized individual gained access to our commerce website'. If you actually have a worthwhile question they are directing you to their legal counsel. Call 312-873-7472.
@Justin42:
Same thing happened to me, I thought my amex info had been "compromised" at another site, but I'm pretty sure now that it was from my purchases at geeks.
I used a mastercard at geeks.com a few months ago, read this, and checked my mastercard statement. Sure enough, I had a fraudulent charge from 3 days ago to CCbill.com. I'm calling to cancel the card now.
The question I have is why they never sent me a notice of this theft. Are they really that incompetent?
Count me in on the class action lawsuit.
I contacted geek.com hotline #888-529-6261 and some female told me that only Visa card holders are affected by this tragedy. I was very concerned about this because I've been a customer since 2001 but I only used MC and AMEX cards. It's sad people are doing this craziness. I really think that these people need to get a min of 20yrs in jail to set an example!
I CALLED THEM, SPOKE TO A LIVE PERSON.
I did NOT use Visa, it is only Visa cards that are affected (as the e-mail says), I used Paypal and so you're safe w/ that.
I called Geeks.com customer service, listed in their Contact Us section, and actually got through pretty quick. The young lady asked me where I read the article, I told her consumerist.com. She then instructed me to call the phone number listed in this article.
I asked her if she could just confirm that they had been hacked and she paused and said "I really can't." I heard an awful lot of chatter in the background as well like they might be getting swamped with calls.
I have already cancelled my CC, that I used there, and a new one is on the way. My CC company rep said she didn't see any strange charges pending. So, I may be in the clear. At least they don't have SS#s and Mother's maiden name information.
I purchased a CD player from Geeks.com in February using a VISA. I did not receive the above email though the email address is active. I called the 888 number and spoke with a nice CS rep who confirmed the 'compromise' occurred. I asked about the 'verification numbers' and why they were being stored since the PCI standard (credit card company's rules about processing) states the number is not to be retained and used only at the time of processing, but the CS rep did not know. He took my name and number and said someone would follow-up with me.
Aha! Was trying to figure out how someone poached my Visa check card and charged up $2800 at a Bed Bath & Beyond in New Jersey. Happened right before the Holidays. Thanks Geeks.com for keeping me safe! FAIL! Now off to settle things with my bank...
I used a Mastercard with them, and had fraudulent charges starting 1/6/08. So either a HUGE coincidence, or at least some mastercards are affected. I canceled my mastercard.
They are not supposed to store the CVV2 (verification) number with the credit card numbers. They should really be sued for doing this. At minimum, they should lose their merchant account.
I just called them as well, at the number listed on their site. The representative Jimmy told me that you would get an e-mail and a snail-mail if you were one of the people affected. This makes me feel good as I haven't gotten either.
While I'm thinking, and not that it matters, I used a Visa card for at least one of the three transactions. I'm confident in that because none of my banking institutions utilizes MC, just Visa...