Crafty Cybercriminals Hack Michaels. Customer Payment Card Data May Have Been Used for Fraud.

Posted on January 31st, 2014 by Dan Rampe

Michaels

Move over Target and Neiman Marcus. Make room in the headlines for another breached merchant. This time it’s Michaels, the largest arts and crafts retailer in the world.

While a spokesperson for Michaels declined to say when the data security attack may have occurred, when the company learned of it or how many customer accounts may be affected, Chief Executive Officer Chuck Rubin did comment, “While we have not confirmed a compromise to our system, we believe it is in the best interest of our customers to alert them to this potential issue.”

Writing on Bloomberg.com Mina Kawai and Dan Hart reported that Michaels was working with law enforcement and a third party to determine the scope of the problem. Huh? Why work with law enforcement and a third party to determine the scope of a problem when the CEO refuses to confirm there is a problem?

Anyway, in “plain speak” (as opposed to “corporate speak”), Ed Donovan, a spokesman for the U.S. Secret Service, confirmed that his agency is investigating the breach. And, Michaels, which is based in Irving, Texas and operates over 1200 stores, is urging its customers to check their account statements for unauthorized charges.

Kawai and Hart noted that in May 2011, PIN pads in stores from Washington State to New Jersey “had been tampered with, leading to exposed customer payment over a period of about four months, according to a company statement at the time. About 1 percent of pin pads in its U.S. stores appeared to have been affected and less than 100 customer debit cards were used in fraudulent transactions stemming from the breach.”

Ed Donovan, a spokesman for the U.S. Secret Service, confirmed that his agency is investigating the breach. He declined to comment further.

ThreatMetrix™ secures Web transactions against account takeoverpayment fraudidentity spoofing, malware, and data breaches. The ThreatMetrix Global Trust Intelligence Network, which analyzes 500 million monthly transactions, provides context-based authentication and Web fraud prevention to help companies accelerate revenue, reduce costs and eliminate friction. ThreatMetrix protects more than 160 million active user accounts, 2,500 customers and 10,000 websites across a variety of industries, including financial servicesenterprisee-commerce, payments, social networks, government, and insurance. For more information, visit www.threatmetrix.com or call 1-408-200-5755.

Join the cybersecurity conversation by visiting the ThreatMetrix blogFacebookLinkedIn and Twitter pages.