Geeks.com runs afoul of FTC

10.02.2009
Web sites that collect and store visitors' credit card numbers and other sensitive personal information would do well to consider the case of Geeks.com when setting up their security systems and privacy statements.

Thursday the Federal Trade Commission announced that Compgeeks.com, which operates the Geeks.com Web site, and its parent company, Genica Corporation, had agreed to settle federal charges that they had not done enough to protect their customers' data. According to the FTC complaint, the companies stored data collected from Geeks.com customers on unencrypted servers, while at the same time posting a privacy statement that gave visitors a false sense of protection. In 2007, hackers took advantage of the lax security to access information for hundreds of Geeks.com customers. The agreement is subject to public comment through March 9, after which the FTC will decide whether to finalize it.

According to the FTC complaint, the stolen data ranged from customers' first and last names to their credit card numbers, expiration dates and security codes. The hackers breached the site over a period of at least six months beginning around January 2007 by using SQL injection attacks. The site's operators did not discover the breach until December 2007.

The complaint alleges the site violated federal law by falsely stating that it took "reasonable and appropriate measures to protect personal information from unauthorized access." According to the FTC, the misleading privacy policy statement read in part: "We use secure technology, privacy protection controls, and restrictions on employee access in order to safeguard your information."

Geeks.com will be required to stop making "deceptive privacy and data security claims" and will have to "implement and maintain a comprehensive information-security program that includes administrative, technical, and physical safeguards." The site and its parent company will also have to obtain an audit every other year for 10 years to ensure the new security program meets standards. The FTC will monitor compliance.