Here we go again. Another major retailer has been the victim of a huge security breach. This kind of news makes you so feel so secure, doesn't it?
This time it was arts and crafts retailer Michaels, which revealed on Thursday that it, like both Target and Neiman Marcus before it, had been the target of a security breach that may have put millions of credit cards at risk.
The attack, which took place between May 8th, 2013 and January 27th, 2014, may have affected up to 2.6 million cards, or 7% of the amount used at the stores during that time period. In addition, 54 locations of Michaels subidiary Aaron Brothers were hit between June 26, 2013 and February 27, 2014, possibly affecting another 400,000 cards.
That is 3 million total credit cards that were put at risk. Already at least a few cards have been reported with fraudulent charges.
The information that was gleamed from the cards was the card number and expiration date, but "there is no evidence that other customer personal information, such as name, address or PIN, was at risk in connection with this issue."
“In an era where very sophisticated and determined criminals have proven capable of successfully attacking a wide range of computer networks, we must all increase our level of vigilance," Chuck Rubin, CEO of Michaels, said in a statement.
"Michaels is committed to working with all appropriate parties to improve the security of payment card transactions for all consumers.”
Michaels first learned of the possible breach back in January, and has spent the last four months partnering with two independent security firms as well as "working closely with law enforcement authorities and coordinating with banks and payment processors to determine the facts."
As I said above, Michaels is the third store to admit that it was hit by hackers.
The cyber attack on Target occurred between November 27 and December 15 of last year, and is said to have potentially affected up to an astounding 70 million customers who shopped there.
The Neiman Marcus breach took place over a longer period of time, July 16th to October 30th, but affected less people. The store revealed on Thursday that there were 1.1 million cards potentially affected, with 2,400 already being used fraudulently.
The Target breach came from an advanced piece of software called POSRAM Trojan, which is also responsible for other attacks on retailers’ point-of-sale systems. POSRAM is a memory scraper that captures data stored on a card’s magnetic stripe in the moment when it’s swiped through the terminal and the data is still in the system’s memory. Data that’s encrypted appears in plain text.
Both retailers said that online shoppers were not affected
In January, the FBI released a report that said that a total of 20 cases of retailers being hacking had occured in the past year, and they that involved the same kind of software that was used to hit Target.
(Image source: en.wikipedia.org)