US arts-and-crafts retailer Michaels Stores admitted last week that two security breaches that occurred over an eight-month period might have compromised more than 3m customer credit and debit cards. The company said it has received a “limited number of reports” from banks and payment card brands of fraudulent charges that may be connected to the breaches.
Michaels first learned of a possible breach at the end of January 2014. It was first reported by Brian Krebs of Krebs on Security, after several sources determined that hundreds of consumers whose cards had been used for fraudulent purchases had all recently shopped at Michaels.
Since then, Michaels has had two independent security firms investigating the incident. The investigation revealed that the retailer and its subsidiary, Aaron Brothers were attacked with “highly sophisticated malware” that neither security firm had ever encountered previously.
Michaels said that the affected systems contained customer card information, such as card numbers and expiration dates. However, the retailer said there was no evidence that names, addresses or PINs were compromised.
The Michaels breach targeted certain point-of-sale (POS) systems in the stores between May 8, 2013 and January 27, 2014. The retailer said that only about 7% of cards used in the stores were affected, however, that amounts to about 2.6 million cards. The affected stores have been posted on the Michaels website.
The Aaron Brothers breach is said to have impacted 54 stores from June 26, 2013 to February 27, 2014. Michaels estimates that about 400,000 cards were affected. A list of affected locations was posted on the Aaron Brothers website.
Michaels said it has now “fully contained” the incidents, and that the malware no longer poses any threat to customers. The retailer added that it would provide affected customers with fraud assistance, identity protection and credit monitoring services.
“In an era where very sophisticated and determined criminals have proven capable of successfully attacking a wide range of computer networks, we must all increase our level of vigilance,” said Chuck Rubin, CEO of Michaels. “Michaels is committed to working with all appropriate parties to improve the security of payment card transactions for all consumers.”
Krebs noted that this is the second time in the past three years that Michaels’s payment cards systems have been compromised. In May 2011, the retailer acknowledged that criminals had physically tampered with POS devices in some of its Chicago stores. Further investigation revealed that Michaels’ POS devices had been compromised across the US.
In today’s digitally connected world, infinite quantities of data are produced by consumers daily at a mind-boggling pace and volume. With under three months left to prepare, here are four areas for businesses to consider, to make sure they are ready for GDPR implementation.
Cash-flow based metrics now feature prominently alongside traditional revenue measures of business performance in the key figures or financial summary pages of any public company.
GTNews asks Pugsley about what advice she would give to treasurers dealing with mergers and acquisitions, what the key challenges for her year ahead will be and how she is selecting a treasury management system (TMS).
The US money market fund reforms came into effect in 2016 and are already dramatically shaping US fund industry with investors flooding out of prime funds and into government securities. While the reforms are similar, they are not the same. GTNews interviews Yeng Bulter, global head of the cash business at State Street Global Advisors on the differences.