Michael's Arts and Crafts Stores and Locations Suffer Security Breach From Eastern European Gang
Attacks on retailers continue. Michaels is the latest victim in a string of cyber attacks that began with Target's highly reported data breach at the beginning of the year. Although rumors had circulated that Michael's security had also been compromised, it was not confirmed until recently.
Michaels, an arts and crafts retailer, announced that it had been the latest victim in a string of cyber attacks that have plagued various American retailers, according to the New York Times. It is reported that an estimated 3 million customers were affected by the data breach, which was similar to those experienced by other retailers before.
In a statement released on Friday, the company made the breach public and detailed what transpired, as well as the steps taken by the company. According to the statement, the company suspected a breach in January and hired two security firms to investigate what turned out to be a real breach that affected them and their subsidiary, Aaron Brothers, a custom framing and arts supplier.
"Our customers are always our number one priority and we are truly sorry for any inconvenience or concern Michaels may have caused. We are committed to assisting affected customers by providing fraud assistance, identity protection and credit monitoring services. Importantly, with this incident now fully contained, we can assure customers this malware no longer presents a threat to shoppers at Michaels or Aaron Brothers," said Chuck Rubin, the CEO of Michaels, in a statement.
The company, which has 1,135 stores in 49 states, was hacked from May 8, 2013 until Jan. 27, 2014. According to the Times, 2.6 million of the company's customers were affected as well as about 400,000 Aaron Brothers' customers. The breach, which was caused by a loose gang from Eastern Europe, collected information like credit and debit card numbers and expiration dates. However, no addresses or names were hacked.
Because of these and other previous breaches, the National Association of Federal Credit Unions has asked Congress to act, according to The Hill. Although laws have already been making their way through both chambers of Congress, legislators cannot agree on what to do. Financial institutions have more rigorous standards than credit unions, but banks are affected by a breach regardless.
According to Dan Berger, the group's CEO, retailers should bear the brunt of the costs after a breach, and there should be immediate notification if one occurs.
"Credit unions suffer steep losses in re-establishing member safety after a data breach occurs," he wrote. "Moreover, as many cases of identity theft have been attributed to data breaches, and as identity theft continues to rise, any entity that stores financial or personally identifiable information should be held to minimum standards for protecting such data."