Michaels Breach Casts Doubt on Data Security

By Fitzgerald, Kate | American Banker, June 7, 2011

Michaels Stores Inc. said it was in the process of upgrading its payment terminals to tamper-resistant models when it discovered its current terminals had been compromised, but some experts say the retailer should have realized the need for those upgrades a lot sooner.

The breach has since snowballed into massive legal headaches and potential losses for the retailer, forcing Michaels in short order to replace more than 7,000 terminals nationwide.

"The question is whether Michaels invested in tamper-proof payment terminals before they got broken into, and apparently they did not," said Paul Martaus, president and chief executive of the merchant acquirer consulting firm Martaus & Associates of Mountain Home, Ark. "For years processors have been advertising so-called tamper-resistant terminals, and while that's a fine idea, who would think that a company like Michaels, which caters to people making relatively small purchases for crafts and hobbies, would need the heaviest guns to protect against a widespread payment terminal attack?"

Michaels, like many other organizations, said it was in compliance with generally accepted procedures to prevent such a security breach.

"Michaels undergoes a third-party security audit annually to make sure we are compliant with current requirements and standards, and have always been found in compliance," a Michaels representative said.

The Irving, Texas, retailer on May 25 announced that every U.S. store was equipped with "new, tamper-resistant payment card terminals," adding that it also has "implemented additional security measures to prevent this type of crime from reoccurring." The company has not disclosed the brand of payment terminals involved in the breach nor which brands it deployed as replacements.

And while Michaels executives likely thought they reacted as quickly as possible to stanch losses from the tampering attack, attorneys planning class-action lawsuits are scrutinizing the timeline of the company's actions, and their potential success in the litigation could escalate the company's potential losses.

Michaels warned in a May 26 quarterly Securities and Exchange Commission filing that other entities might seek damages, and payment card companies and associations also may impose fines. "We do not have sufficient information to reasonably estimate losses we may incur arising from the payment card terminal tampering," Michaels said in the filing.

The sequence of events in the breach is likely to be crucial in determining the extent of losses and pinpointing Michaels' liability, according to legal experts.

Secret Service agents on May 3 disclosed the breach to store executives, who then found that crooks had physically altered the payment terminals at about 8% of the company's 964 stores nationwide, enabling them to skim sensitive data from customers' cards, capture PINs and steal money directly from payment accounts.

Some 90 terminals at 80 Michaels stores spread across 20 states were involved, and at least 100 customers' accounts were affected. Customers of at least a dozen different banks and credit unions reportedly lost funds when criminals used the stolen data to make unauthorized ATM cash withdrawals, but Michaels said that number could rise as more reports surface.

Credit card account data also may have been exposed, although Michaels has not reported any related fraudulent credit card transactions.

The crafts-supply chain notified customers of the breach within two days of discovering the tampering. It also removed approximately 7,200 devices in its U.S. and Canada stores within approximately two weeks.

So far, Michaels has not disclosed details about how so many terminals were compromised, but analysts said all signs point to an organized group of criminals. The company says it is working with law enforcement authorities to apprehend the conspirators. …
