Likely Data Breach Hints That Hackers Are Craftier Than Michaels Stores
NEW YORK (MainStreet) What is it about retailers and their lax controls over customers' credit card data?
Last month, Target was hit by a data security breach, leaving credit card data from 70 million customers vulnerable to theft. Early in January, Neiman Marcus reported that 1 million of its shoppers were affected by a data breach linked to the retailer's cash register network.
This week, Michaels Stores, the home crafts retailer, reported that it was reviewing evidence of a possible breach.
"We are concerned there may have been a data security attack on Michaels that may have affected our customers' payment card information, and we are taking aggressive action to determine the nature and scope of the issue," Michaels' Chief Executive Chuck Rubin said Saturday.
Michaels says it's "working closely with federal law enforcement and is conducting an investigation with the help of third-party data security experts to establish the facts."
"Although the investigation is ongoing, based on the information the company has received and in light of the widely reported criminal efforts to penetrate the data systems of U.S. retailers, Michaels believes it is appropriate to let its customers know a potential issue may have occurred."
To be safe, Rubin said, Michaels shoppers who have used their credit or debit cards at the store should start checking their statements immediately for unusual charges.
"While we have not confirmed a compromise to our systems, we believe it is in the best interest of our customers to alert them to this potential issue so they can take steps to protect themselves, for example, by reviewing their payment card account statements for unauthorized charges," he says.
Consumers should look back to early January for fraudulent charges. Krebs on Security, which covers corporate IT security issues, reported that "hundreds" of credit cards experiencing fraudulent purchases were "traced back to Michaels" in recent weeks:
Sources with four different financial institutions have over the past few days said hundreds of customer cards that recently had been used for fraudulent purchases all traced back to Michaels stores as the common point of purchase.
On Friday, the site heard from a fraud analyst at a large credit card processor that was seeing fraud over the previous two days from hundreds of cards that all been recently used at Michaels. The fraudulent purchases, the source said, took place at big box stores such as BestBuy and Target.
Michaels' shoppers can check in with the retailer's website. The company promised to keep customers updated.
By Brian O'Connell