Over the past 6 months US retailers and American consumers have been rocked by a string of high profile Point of Sale System card data breaches, starting with the massive breach at Target last December.
Now, the retail arts & crafts supplier Michaels Stores and their customers join the list of victims of criminal hackers. Michaels Stores revealed last week that about 2.6 million cards used a their stores and another 400,000 at their subsidiary Aaron Brothers may have been compromised by a breach of the point of sale system
This not entirely new news. Michaels reported in January that they were investigating a possible data breach. Until now, no additional information was made available.
As it turns out, they believe their point of sale system was exposed from May 8, 2013, to Jan. 27, 2014. At this point, they believe the exposure is limited to data captured by a card swipe and not the detailed customer account information. This is enough information to produce a fraudulent card, but does not include the card security code required for web transaction and the pin number required for ATM transactions.
However, it is important to recall that Target initially said the same thing, but it turned out that their customer account information was also compromised.
Unlike some other recent breaches, where relatively crude methods were employed, believes the attacks were extremely sophisticated. The software used was previously unknown by it and its security investigators.
Michaels is assuring customers that the threat has been neutralized.
In 2001, hackers stole the cards data from 94,000 cards by replacing 84 PIN pads on payment-card terminals at a small number of Michaels over 1200 stores.