Consumer Electronics Company Agrees to Settle Data Security Charges; Breach Compromised Data of Hundreds of Consumers

An online seller of computer supplies and other consumer electronics has agreed to settle Federal Trade Commission charges that it violated federal law by failing to provide reasonable security to protect sensitive customer data.

According to the FTC’s complaint, Compgeeks.com (Compgeeks), which operates the www.geeks.com Web site, and its parent company, Genica Corporation (Genica), collect sensitive information from consumers to obtain authorization for credit card purchases. The respondents require each consumer to provide his or her first and last name; address; e-mail address; telephone number; and credit card number, expiration date, and security code. In January 2008, media reports revealed a data breach at the company. It was later confirmed that hackers accessed the sensitive information of hundreds of consumers.

The complaint alleges that until at least December 2007, among other security failures, the respondents routinely stored this sensitive information in unencrypted text on their corporate computer network. The complaint also charges that the respondents did not adequately assess whether their Web application and network were vulnerable to commonly known or reasonably foreseeable attacks, such as Structured Query Language (SQL) injection attacks. The respondents also did not implement simple, readily available defenses to these attacks; defenses that were free or inexpensive. And – from January 2007 or earlier through June 2007 or later – hackers repeatedly exploited these vulnerabilities by using SQL injection attacks on the www.geeks.com Web site, the complaint alleges. The respondents did not become aware of the breach until December 2007.

The proposed settlement bars the respondents from making deceptive privacy and data security claims and requires them to implement and maintain a comprehensive information-security program that includes administrative, technical, and physical safeguards. It also requires the companies to obtain, every other year for 10 years, an audit from a qualified, independent, third-party professional to ensure that the security program meets the standards of the order. In addition, the proposed settlement contains standard record-keeping provisions to allow the FTC to monitor compliance.

The FTC complaint names as respondents Compgeeks, doing business as Computer Geeks Discount Outlet and geeks.com; and Genica, which, as Compgeeks’ parent company, allegedly controlled the practices at issue. According to the complaint, the respondents violated federal law by falsely stating that they took reasonable and appropriate measures to protect personal information from unauthorized access. Their privacy policy states in part: “We use secure technology, privacy protection controls, and restrictions on employee access in order to safeguard your information.”

The Commission vote to accept the proposed complaint and consent agreement was 4-0. The FTC will publish an announcement regarding the agreement in the Federal Register shortly. The agreement will be subject to public comment for 30 days, beginning today and continuing through March 9, 2009, after which the Commission will decide whether to make it final.

Comments should be addressed to the FTC, Office of the Secretary, Room H-135, 600 Pennsylvania Avenue, N.W., Washington, DC 20580. The FTC is requesting that any comment filed in paper form near the end of the public comment period be sent by courier or overnight service, if possible, because U.S. postal mail in the Washington area and at the Commission is subject to delay due to heightened security precautions.

Copies of the complaint, proposed consent agreement, and an analysis of the agreement to aid in public comment are available from both the FTC’s Web site at http://www.ftc.gov and the FTC’s Consumer Response Center, Room 130, 600 Pennsylvania Avenue, N.W., Washington, DC 20580.

The Federal Trade Commission works for consumers to prevent fraudulent, deceptive, and unfair business practices and to provide information to help spot, stop, and avoid them. To file a complaint in English or Spanish, visit the FTC’s online Complaint Assistant or call 1-877-FTC-HELP (1-877-382-4357). The FTC enters complaints into Consumer Sentinel, a secure, online database available to more than 1,500 civil and criminal law enforcement agencies in the U.S. and abroad. The FTC’s Web site provides free information on a variety of consumer topics.

(FTC File No. 0823113)
(Compgeeks genica.wpd)

IR Press

Share
Published by
IR Press

Recent Posts

Treasury Issues Final Rule Expanding CFIUS Coverage of Real Estate Transactions Around More Than 60 Military Installations

WASHINGTON – Today, the U.S. Department of the Treasury (Treasury), as Chair of the Committee…

4 days ago

U.S. Department of the Treasury’s CDFI Fund and Federal Housing Finance Agency Collaborate to Bolster CDFI Access to Capital

WASHINGTON—Today, the U.S. Department of the Treasury’s Community Development Financial Institutions Fund (CDFI Fund) and…

4 days ago

Report on U.S. Portfolio Holdings of Foreign Securities at Year-End 2023

Washington – The findings from the annual survey of U.S. portfolio holdings of foreign securities…

5 days ago

READOUT: U.S. Department of the Treasury Hosts Roundtable Discussion on the Financial Sector’s Response to Recent Hurricanes

WASHINGTON – The U.S. Department of the Treasury hosted a roundtable on October 30 with…

5 days ago

READOUT: Sixth Meeting of the Financial Working Group Between the United States and the People’s Republic of China

WASHINGTON – The United States and the People’s Republic of China held the sixth meeting…

5 days ago

Treasury Sanctions Key Members of La Linea, a Group Involved in Trafficking Fentanyl into the United States

WASHINGTON — Today, the Department of the Treasury’s Office of Foreign Assets Control (OFAC) sanctioned…

5 days ago