Michael’s Latest Breach Victim
Jan. 27, 2014
Arts-and-crafts retail chain Michael’s appears to be the most recent security-breach victim. Over the weekend, security blogger Brian Krebs reported that sources within several payment processors and financial institutions had seen a pattern of fraudulent activity they traced back to the Irving, Texas-based retailer. Michael’s Stores Inc. subsequently issued a statement on Saturday disclosing it “may have experienced a data security attack.”
“We are concerned there may have been a data security attack on Michaels that may have affected our customers’ payment card information and we are taking aggressive action to determine the nature and scope of the issue,” said Chuck Rubin, CEO of Michaels. “While we have not confirmed a compromise to our systems, we believe it is in the best interest of our customers to alert them to this potential issue so they can take steps to protect themselves, for example, by reviewing their payment card account statements for unauthorized charges.”
The U.S. Secret Service confirmed it is investigating the possible intrusion.
Last week, another major retailer that recently disclosed a breach notified customers that the intrusion was more extensive than originally thought. Neiman Marcus said in a statement the attack may have compromised the payment-card information of more than million customers.
“While the forensic and criminal investigations are ongoing, we know that malicious software (malware) was clandestinely installed on our system. It appears that the malware actively attempted to collect or ‘scrape’ payment card data from July 16, 2013 to October 30, 2013,” the company said in a letter to its customers. “During those months, approximately 1,100,000 customer payment cards could have been potentially visible to the malware. To date, Visa, MasterCard and Discover have notified us that approximately 2,400 unique customer payment cards used at Neiman Marcus and Last Call stores were subsequently used fraudulently.”