resource center
  See your link here
|
IDG News Service - The operator of the Geeks.com Web site will submit to five outside security audits over the next 10 years as part of a data-breach settlement deal with the Federal Trade Commission, which found that the online retailer had failed to adequately protect its customer data prior to the breach.
Geeks.com, which sells computer supplies and consumer electronics, disclosed the data breach in January 2008 after discovering it the month before. The retailer, which is formally known as Genica Corp., said that the compromised information included the names, street and e-mail addresses, telephone numbers and credit card numbers of affected customers.
The breach was notable because the Geeks.com site prominently displayed a "Hacker Safe" seal provided to companies by McAfee Inc. as part of its ScanAlert vulnerability scanning service. However, McAfee officials said at the time that the Hacker Safe certification — since renamed McAfee Secure — had been withdrawn from Geeks.com on multiple occasions during 2007 after scans found vulnerabilities in its systems.
According to a complaint filed by the FTC, Geeks.com routinely stored sensitive customer data in unencrypted form on its systems prior to discovering the breach. The retailer also didn't "adequately assess" whether its Web applications and network were vulnerable to commonly known and foreseeable hacking attempts, including SQL injection attacks, the FTC said.
Nor did Geeks.com implement "simple, readily available" and inexpensive defenses to thwart such attacks, the commission claimed. The FTC's complaint alleged that the shortcoming enabled hackers to repeatedly exploit the vulnerabilities in Geeks.com's systems from January to June 2007.
In addition, the retailer violated federal law by falsely stating that it had taken appropriate measures to protect personal data, the FTC said. Geeks.com's privacy policy states: "We use secure technology, privacy protection controls and restrictions on employee access in order to safeguard your information."
The settlement with the FTC, announced Thursday, bars Geeks.com from making deceptive privacy and data security claims and requires it to implement and maintain a comprehensive information security program. The deal also requires the company to undergo a third-party audit every other year for the next 10 years in order to ensure that the internal security program meets the standards spelled out in the settlement.
Peter Green, Genica's marketing manager, said the company has worked closely with state and federal law enforcement officials and with computer forensics experts to try to find out who was responsible for the breach and to fix any security problems in its systems. "We have taken this breach very seriously," he said.
IDG.net
Southern Company
Download Now
Data Protection and Disaster Recovery with iSCSI and VMware
Get this on demand webcast now
Defending Against the Storm
Download Now
Extending Client Refresh - 11 Steps to Maximize Savings
Register Now!
Share our Strength
Download Now
Lower the Cost and Complexity of a Mobile Workforce through Automation
Download This Resource Now!
Managing Mobility: Improve Data Security, Compliance and Manageability
Download This Resource Now!
Top 10 Things to Know about Data Protection
Download Now
Consolidate Your Servers and Storage to Lower Costs with Oracle Database 11g
Register for this webcast!
Sign up to receive updates on the latest Security resources
CIO
Computerworld
CSO
DEMO
GamePro
Games.net
IDC
IDG
IDG Connect
IDG Knowledge Hub
IDG TechNetwork
IDG Ventures
IDG.net
InfoWorld
ITwhitepapers
ITworld
JavaWorld
LinuxWorld
Macworld
Network World
PC World
The Industry Standard
Copyright © 1994 - 2009 Computerworld Inc. All
rights reserved. Reproduction in whole or in part in any form or medium
without express written permission ofComputerworld Inc. is prohibited. Computerworld and Computerworld.com and the respective logos are trademarks of International Data Group Inc. |
