
They sell tech gear, they’re certified hacker-safe, but they’ve been forced to admit that their e-commerce site was hacked last month.
It had to be a supremely embarrassing moment for Geeks.com, the site that sells tech gear online. Certified hacker safe by McAfee’s Scan Alert, the company last week admitted that it has been hacked, according to a story on Information Week. In a letter posted on the Consumerist, Jerry L. Harken, head of security for the firm’s parent company, Genica, said, "Genica dba Geeks.com (‘Genica’) recently discovered on December 5, 2007 that customer information, including Visa credit card information, may have been compromised. In particular, it is possible that an unauthorized person may be in possession of your name, address, telephone number, e-mail address, credit card number, expiration date, and card verification number. We are still investigating the details of this incident, but it appears that an unauthorized individual may have accessed this information by hacking our e-commerce Web site." The company has reported the issue, and has set up help lines for customers who might have been affected. McAfee asserts that its hacker safe certification doesn’t always equate to 100% safe.
















Showing 3 comments
Today I learned from my bank that one of my credit cards was recently compromised "in connection with a website that is now undergoing a fraud investigation". This particular credit card is less than 12 months old, is -rarely- used for online purchases but happened to have been used for a GEEKS purchase in November. Not a word to me from GEEKS, though. Maybe they were hoping I'd not notice the fraudulent charges that started appearing today? Lucky for me my bank spotted those charges and gave me a call.
As if failure to notify customers wasn't bad enough, it seems that GEEKS stored customers' CVV2 card verification numbers -- the special 3-digit numbers on the backs of VISA cards that merchants are ABSOLUTELY NOT supposed to keep as expressly stated by VISA in their merchant agreement.
If GEEKS.COM wants to retain some level of customer trust, GEEKS needs to inform ALL of their customers of the hack, the resulting risk and how GEEKS is going to fix things. And a "We're sorry" probably wouldn't hurt, either...
Having your site hacked unfortunately is sometimes part of doing business online, but to not inform ALL your customers that it happened is in my opinion criminally negligent. Shame on you Geeks.com!