Michaels becomes latest retailer hit with credit card data breach

[Exterminator]

Content source

http://www.neowin.net/news/michaels-becomes-latest-retailer-hit-with-credit-card-data-breach

A few months after Target and Neiman Marcus announced that credit card data had been taken by cyber-criminals, the arts and crafts store franchise Michaels confirmed that millions of credit card numbers may have been lifted from its database.

In a press release, Michaels stated that the breach happened between between May 8, 2013 and January 27, 2014. It added that the cyber criminals that committed this act used "highly sophisticated malware that had not been encountered previously by either of the security firms" the company used to discover the breach.

The end result was that 2.6 million credit card numbers that were used in Michaels stores in the U.S were exposed in the breach, which amounts to about seven percent of the credit cards that were used in those stores. A second breach caused 400,000 more numbers to be taken from Michaels' Aaron Brothers store unit.

Michaels says there is no evidence that personal customer information such as names, addresses or PIN numbers were also taken as part of this stolen data. The company says that the malware that was used for this breach "no longer presents a threat". It added that it is working with law enforcement authorities, along with banks and payment processors, to contain the damage.

Source: Michaels

 

[cruelsister]

I hope they disclose the nature of the breach. The way Target was breached was particularly amazing. They went to the expense of installing the Managed Defense system by FireEye which worked as it should and alerted when the first breach occurred. The problem was that Target had turfed out the monitoring to a firm in India who got the initial alert. When India contacted Target Corporate IT folks in the US they (India) were told it had to be a False Positive and to switch to Log Only and otherwise ignore.