U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|
Advertisement

Ad Placeholder

Full Width × 90

Cyber Crime

Arts and crafts retailer Michaels Stores Inc warns over credit card fraud

Michaels Stores Inc., US-based arts-and-crafts retailer, confirmed it is investigating a possible data breach affecting customer cards. Michaels Stores Inc., US-based arts-and-crafts retailer maybe is the last victim of a massive data breach, a few weeks after the hack of US retailer Target and Neiman Marcus. Michaels Stores Inc has more than 1,250 stores across the United […]

Arts and crafts retailer Michaels Stores Inc warns over credit card fraud

Michaels Stores Inc., US-based arts-and-crafts retailer, confirmed it is investigating a possible data breach affecting customer cards.

Michaels Stores Inc., US-based arts-and-crafts retailer maybe is the last victim of a massive data breach, a few weeks after the hack of US retailer Target and Neiman Marcus. Michaels Stores Inc has more than 1,250 stores across the United States, according different sources in the banking industry the company is a victim of a credit card fraud. Fraud experts have detected a pattern of illicit activity on a set of cards all recently used at the store of the company.

According sources at four different financial institutions, hundreds of customer cards used at Michaels stores  had been recently used for fraudulent purchases. It is not the first time that Michaels suffered a data breach, In 2011 the company disclosed that criminals compromised point-of-sale devices in some Chicago and Washington locations.

The popular investigator Brian Krebs revealed on his blog to have contacted the company listed as the press contact on michaels.com, SPM Communications, but after he was redirected to a crisis communications firm, he hasn’t received any comment.

Michaels Stores Inc

The US Secret Service has confirmed it is investigating on a potential data breach at Michaels, the company also started its analysis and issued a statement in which it confirmed that it was informed on a possible fraudulent activity on some U.S. payment cards that had been used at Michaels.

“The Company is working closely with federal law enforcement and is conducting an investigation with the help of third-party data security experts to establish the facts. Although the investigation is ongoing, based on the information the Company has received and in light of the widely-reported criminal efforts to penetrate the data systems of U.S. retailers, Michaels believes it is appropriate to let its customers know a potential issue may have occurred.”

“We are concerned there may have been a data security attack on Michaels that may have affected our customers’ payment card information and we are taking aggressive action to determine the nature and scope of the issue,” said Chuck Rubin, CEO. “While we have not confirmed a compromise to our systems, we believe it is in the best interest of our customers to alert them to this potential issue so they can take steps to protect themselves, for example, by reviewing their payment card account statements for unauthorized charges.” states the official statement.

Brian Krebs reported that the fraudulent purchases on those cards took place at big stores like BestBuy and Target.

“What’s interesting is there’s another [arts and framing] store called Aaron Brothers, and within past week or two there was a lot of activity talking about Aaron Brothers,” ”One of the things I learned the other day is that Aaron Brothers is wholly owned by Michael’s. It really does look like kind of the way we saw the Target breach spin up, because the fraud here isn’t limited to one store or one area, it’s been all over the place.” revealed a source to Krebs.

In time I’m writing, there are no news on how criminals have stolen the credit card data, it’s normal that many security experts immediately linked this incident to the recent data breaches for which BlackPos malware was used.  Just a few days ago Neiman Marcus informed the press that the breach is suffered from July 16, 2013 to Oct. 30, 2013 and may have impacted more than 1.1 million customer cards.

Let’s wait for further information.

Pierluigi Paganini

(Security Affairs –  Michaels StoresData breach)