Friday, February 5, 2010

Consumer Electronics Company Agrees to Settle Data Security Charges; Breach Compromised Data of Hundreds of Consumers

FTC: An online seller of computer supplies and other consumer electronics has agreed to settle Federal Trade Commission charges that it violated federal law by failing to provide reasonable security to protect sensitive customer data. ... According to the FTC’s complaint, Compgeeks.com (Compgeeks), which operates the www.geeks.com Web site, and its parent company, Genica Corporation (Genica), collect sensitive information from consumers to obtain authorization for credit card purchases. ... In January 2008, media reports revealed a data breach at the company. It was later confirmed that hackers accessed the sensitive information of hundreds of consumers. ... The proposed settlement ... requires them to implement and maintain a comprehensive information-security program that includes administrative, technical, and physical safeguards. It also requires the companies to obtain, every other year for 10 years, an audit from a qualified, independent, third-party professional to ensure that the security program meets the standards of the order. In addition, the proposed settlement contains standard record-keeping provisions to allow the FTC to monitor compliance.

Read more ...