As reported by ComputerWorld, Geeks.com was hacked and consumer data was lost – the volume of which remains undisclosed. What we do know is that the names, addresses, telephone numbers, email addresses, credit card numbers, expiration dates, and card verification numbers held by the eCommerce website have the potential of being in unauthorized hands. And right now, if you view their Web page, it’s ironic to see that they’re still certified “Hacker Safe” by ScanAlert (acquired by McAfee). Oh well, just the continuance of a trend.
Anurag also posed a good question about the Geeks.com incident related to PCI: “Should ScanAlert be revoked of their PCI Scanning abilities?” A fair question and probably one we won’t know the answer to for some time – which in and of itself is an answer. We also don’t know whether Geeks.com was “PCI Certified” at the time of the incident, who their assessor was, or anything like that. What we do know is that a breached merchant gets bumped to Level 1 (Tier-1), the highest PCI merchant level, and that carries a certain cost impact with it.
Once Geeks.com gets done with the incident response fire drill (expensive), PCI compliance is going to cost a lot more. Before, it was just a quick quarterly scan and a self-assessment questionnaire. Now they’re going to have to do a lot more – an annual on-site assessment and Report on Compliance – and get it all signed off by a QSA. Incidents like these are going to bite more and more small to midsized merchants hard in the pocketbook, especially since PCI compliance really doesn’t make a website harder to hack. I don’t think anyone has really done an analysis of the PCI costs after the fact, have they?