Craft Store Chain Michaels May be Latest Hacking Target

CommanderFrank

CommanderFrank

Cat Can't Scratch It
Joined
May 9, 2000
Messages
75,399
Next on the list of probable security breached retailers is Michaels, a craft shop chain with 1100 stores nationwide. Details are scarce at this point, but an investigation with federal law enforcement is underway to determine the scope of the breach.

Michaels believes it is appropriate to let its customers know a potential issue may have occurred.” The US Secret Service has confirmed that it is investigating the matter.
Click to expand...
 
See this never happened with M.J. Designs.

But seriously, I am heavily considering going back to cash or at least a rechargeable credit card.
 
Sucks this keeps happening -- but maybe, just maybe. All these corporations will take measures to upgrade their security?

Just like our nations infrastructure, things like security and accountability are very rare.

If we had a different out look on the idea of the "hacker" maybe we wouldn't be so far up shit creek. Instead of throwing our nerds into prison maybe we should have hired them to secure our corporate data?

I remember being in high school 15 years ago on an uber UN-secure novell network, the things I could have done, whew. Know what happened when I pointed out some of the flaws to the so called administration? I got in trouble.

Maybe someday the idiots "in charge" at big corps, and at the head of this country will get their head out of their ass secure their shit
 
I started using cash again and I forgot how much I hated coins.
 
Im under just the opposite mindset.. let them trash everyone's credit & it wont matter anymore.
 
Yeah, I am with you on the cash option. Until they come up with a way to have SECURE credit/debit transactions, I'll have to really think twice about on using the cards.
 
Either all of these intrusions are somehow inside jobs, or are the result of having credit card machines that have compromised hardware/microchips...Looks like stores aren't doing proper hardening/intrusion mitigation testing all the same.

The companies will whine, "ITS TWO EXPENSIEV TO DO ALL TAHT, WE CNA'T AFFORD TO DO THAT!!!!111!!!eleven"

Bullshit.

You can't afford NOT TO.
 
I've never been to "Michael's craft store" because I'm straight
 
Another store that stored credit card records for no reason other than to say "we have them"... another store has "data breach"... another instance of the only penalty the store gets is some bad press.

Wonder how long until a congressman has their data stolen before we start getting some laws that make it either illegal to store this data beyond the time it takes them to get paid by the CC company or make business financially responsible for what is stolen.
 
Isn't the hack in question on that impacts POS systems, and most large retailers use the same system. So ultimately we will find that ALL the major retailers have all been compromised.
 
Depends by how badly each of these merchants is breaking pci compliance regulations....

One of these days, they're going to have to face facts that they need to step up their game.

Not going to be for a long time, I'm thinking. :(
 
sfsuphysics said:
Another store that stored credit card records for no reason other than to say "we have them"... another store has "data breach"... another instance of the only penalty the store gets is some bad press.

Wonder how long until a congressman has their data stolen before we start getting some laws that make it either illegal to store this data beyond the time it takes them to get paid by the CC company or make business financially responsible for what is stolen.
Click to expand...

While I am no way excusing the storage of credit cards, this statement isn't exactly true. From a business perspective, there are several reasons a retailer may want to store credit cards. Storage of credit cards, whether encrypted/tokenized/whatever, are pretty much a must for asset protection/loss prevention folks, particularly when it comes to internal fraud. I'll give you an example: Let's say you catch wind of an employee creating fraudulent refunds to SKUs not tracked in inventory and he uses bogus customer information on those return transactions. How would you know if they are legitimate or not? If you can go back 9 months prior and see he purchased some widget with that card number for himself, you've got him nailed.

CRM and marketing folks also love it to be able to track purchasing habits--how else do you track purchases without gathering a customer's name at every transaction? We may not like it, but that's the reality--everyone does it. That said, I haven't heard of a retailer storing plain text credit card data in a long time. There's really no need for it.
 
Satyrist said:
Either all of these intrusions are somehow inside jobs, or are the result of having credit card machines that have compromised hardware/microchips...Looks like stores aren't doing proper hardening/intrusion mitigation testing all the same.

The companies will whine, "ITS TWO EXPENSIEV TO DO ALL TAHT, WE CNA'T AFFORD TO DO THAT!!!!111!!!eleven"

Bullshit.

You can't afford NOT TO.
Click to expand...

That's actually how it goes down. No joke. Granted, POS software and hardware runs in the many, many millions of dollars and can take years in development and implementation. Unfortunately, it's not as simple as saying "let's just do some pen testing!" and be done with it. I do agree with you, however.

source: Guy who does POS stuff for a living.
 
You must log in or register to reply here.
Back
Top