Michaels Confirms 3 Million Credit Card Numbers Stolen

CommanderFrank

Michael’s Crafts stores has confirmed what we reported on back in January: the security breach that Michaels discovered ultimately proved to be much worse than initially thought, possibly exposing upwards of three million customer credit card accounts.

Michaels is giving affected customers 12 months of identity protection, credit monitoring, and fraud assistance service.
 
My wife is a magnet for these stores that get massive data breaches. She has one particular credit card that has been reissued to her probably 4 times in the past year. Not because she asked for it, they just send her a new card, and she's like WTF is with the new card? Only to find out later that there was a "massive data breach" or what not.
 
No, it'll never end, but it might get better if IS departments get more responsible about how they handle sensitive data.

And there are ways to exert pressure to encourage that. The people who should be exerting that pressure are the executives and security departments of Visa, Mastercard, and American Express. It's their customers who are getting hosed in these security failures. They should be enforcing strict security standards on the businesses allowed to take their cards, especially those businesses that are beaming CC numbers all over their systems.
 
The degree to which companies protect PCI varies significantly. Even with banks, not all auditors are equal. I work with a fairly large Cisco partner and hear about companies running secure data over end-of-life routers and firewalls with date-of-purchase IOS versions... some of them larger than you would think something like that could happen at. Bottom line, watch your transactions online and don't keep all of your eggs in one basket.
 
They could have saved me having to find the list, and just said "all of our stores were compromised".
 
If I was the person in charge of Visa or Mastercard -- and I was having to shell out millions to cover or re-issue because a store had lax security... you bet your ass I'd be charging them more in swipe fees.

Don't want to secure your network to a set of standards accepted by everyone? Instead of the 1% swipe fee you pay, it's now 3% for your business establishment. Don't like it? Secure your shit.

The effect would be perfect too -- the lazy business would lose the ability for customers to pay, and the CC company would shed a huge liability. Customers would actively seek out businesses that took "Super Secure CC" company because they would know the place they are shopping is held to a set of private standards.
 
And I bet they were PCI-DSS compliant too... so much for that joke of a compliance.
 
No, it'll never end, but it might get better if IS departments get more responsible about how they handle sensitive data.

And there are ways to exert pressure to encourage that. The people who should be exerting that pressure are the executives and security departments of Visa, Mastercard, and American Express. It's their customers who are getting hosed in these security failures. They should be enforcing strict security standards on the businesses allowed to take their cards, especially those businesses that are beaming CC numbers all over their systems.
Credit card company should bill the store for all the re-issues and identity theft charges they have to eat and for their customer's portion too, problem solved.
 
I work for a large regional bank that backs hundreds of credit cards and manages the debit cards for hundreds of affiliate local banks. There are 4 merchants that I know have been confirmed: Target, Neiman Marcus, Michael's, Sally Beauty Supply. The total number of affected merchants our customers shopped at for winter 2013-2014 is rumored to be 10+. The rest aren't public yet because of lawyers.

Our bank has proactively reissued every card involved in the data breaches. Due to the sheer number of card reissues, we nearly ran out of plastic card stock to print them on a few times.

There are only 2 sets of people profiting from these fiascos. The criminals and the company producing the plastic card stock that the card companies stamp the number onto.
 
CCs with required PINs and/or some other way more secure thing is much needed and cannot get here fast enough.

Home Depot doesn't even make you sign a receipt unless the charge is over a certain amount. No ID check or anything.

A lot of stores are like this. Super unsecure.

All the gas stations make you do is enter the billing ZIP code... oh yeah, like that is going to be real hard to find out.
 
Credit card company should bill the store for all the re-issues and identity theft charges they have to eat and for their customer's portion too, problem solved.

I assure you, these merchants get sued all the time. Target is being sued as we speak. Unfortunately it never really is enough to shut these businesses down.

Visa and Mastercard are moving to Chip and PIN credit cards like what the Europeans have been using for over a decade. Their deadline is October 2015. There is also a liability shift back to the merchant if they don't upgrade to meet the new standards. In other words, if the merchant runs a card, fraud occurs, and they aren't running the latest equipment standards, they are liable for fraud.
 
Credit card company should bill the store for all the re-issues and identity theft charges they have to eat and for their customer's portion too, problem solved.

No they shouldn't because that was already covered in the credit card fees. The WHOLE POINT of a credit card is that they have risk associated with its use and the credit card company makes money insuring you against that risk. It has ALWAYS been the case that credit card companies have sacrificed some security to make it easier and faster to use credit cards so that they can convince more consumers to use them more often.
 
I think the scariest thing about reading this was to find out Michael's has had over 3 million unique customers. :eek:
 