Forgot your password?
typodupeerror
Security Businesses Crime

Michaels Stores Investigating Possible Data Breach 106

Posted by timothy
from the switching-targets dept.
tsu doh nimh writes "Michaels Stores Inc., which runs more than 1,250 crafts stores across the United States, said Saturday that it is investigating a possible data breach involving customer cardholder information. According to Brian Krebs, the journalist who broke the story [and, previously] news of the Target and Neiman Marcus breaches, the U.S. Secret Service has confirmed it is investigating. Krebs cited multiple sources in the banking industry saying they were tracking a pattern of fraud on cards that were all recently used at Michaels Stores Inc. In response to that story, Michaels issued a statement saying it 'recently learned of possible fraudulent activity on some U.S. payment cards that had been used at Michaels, suggesting that the Company may have experienced a data security attack.' In 2011, Michaels disclosed that attackers had physically tampered with point-of-sale terminals in multiple stores, but so far there are no indications what might be the cause of the latest breach. Both Target and Neiman Marcus have said the culprit was malicious software designed to steal payment card data, and at least in Target's case that's been shown to be malware made to infect retail cash registers."
This discussion has been archived. No new comments can be posted.

Michaels Stores Investigating Possible Data Breach

Comments Filter:
  • Credit cards (Score:2, Insightful)

    by Anonymous Coward on Saturday January 25, 2014 @09:50PM (#46070033)

    Way too easy to commit fraud. Pay cash for small purchases. And stop giving stores your name for loyalty cards or marketing

  • Chip & Pin (Score:5, Insightful)

    by beelsebob (529313) on Saturday January 25, 2014 @09:53PM (#46070047)

    Seriously... Why have the US banks not rolled Chip & Pin out yet? This wouldn't be an issue if they had, and it's almost certainly costing them a lot more in refunded transactions than a roll out would have.

  • by Anonymous Coward on Saturday January 25, 2014 @10:38PM (#46070279)

    There's an even easier solution: don't store cardholder information in a database

    There is no need to save credit card numbers, expiration dates, CVV2 codes, and personally identifiable information once the authorization of charge has been obtained. None whatsoever.

    Getting an auth code means you're getting your money. You don't need to store my entire credit card number.

  • by Anonymous Coward on Sunday January 26, 2014 @05:25AM (#46071587)

    CONservatives vs LIEberals or REPTILEcans vs DEMONcrats; you make the call.

  • by Anonymous Coward on Sunday January 26, 2014 @07:41AM (#46071849)
    Turning a Russian mafia crime scheme into an American political party debate. Do you both have any idea of how stupid you sound? This would not even be relevant if there was an actual difference between party A or party B, which time has shown there is none. Fine, go at each other's throats while your house burns down.

Help! I'm trapped in a PDP 11/70!

Working...