This article is from the source 'washpo' and was first published or seen on . It last changed over 40 days ago and won't be checked again for changes.
You can find the current article at its original source at http://www.washingtonpost.com/business/economy/michaels-says-nearly-3-million-customers-hit-by-data-breach/2014/04/18/3074e432-c6fc-11e3-8b9a-8e0977a24aeb_story.html?wprss=rss_homepage
The article has changed 6 times. There is an RSS feed of changes available.
| Version 0 | Version 1 |
|---|---|
| Michaels says nearly 3 million customers hit by data breach | Michaels says nearly 3 million customers hit by data breach |
| (about 1 hour later) | |
| Michaels, the craft store chain that confirmed a data breach earlier this year, said nearly 3 million customers’ information had been stolen from its point-of-sale system, including from several Washington-area stores. | Michaels, the craft store chain that confirmed a data breach earlier this year, said nearly 3 million customers’ information had been stolen from its point-of-sale system, including from several Washington-area stores. |
| The company’s statement late Thursday said two security firms had found that criminals broke into Michaels’s system using “highly sophisticated malware that had not been encountered previously by either of the security firms.” | |
| The malware has since been removed, the company said. | The malware has since been removed, the company said. |
| Michaels posted a list of all affected stores on its Web site. The list includes 23 stores in Maryland and eight stores in Northern Virginia. The retailer does not have any locations in the District. A total of 2.6 million cards — or 7 percent of cards used at Michaels stores during the breach period — were affected. An additional 400,000 cards at its subsidiary Aaron Brothers were affected, the retailer said. | |
| Customers who shopped at Michaels between May and October last year are vulnerable, as well as those who shopped at Aaron Brothers between June 2013 and February 2014. The retailer first confirmed that it had been breached on Jan. 25, after a report by security blogger Brian Krebs. The company’s statement did not say whether it warned Aaron Brothers customers who shopped there in February that their transactions could still be affected, and the retailer did not immediately respond to a request for comment. The stolen information at both stores includes credit and debit card numbers and expiration dates. Customer names, Personal Identification Numbers (PINs) and addresses were not affected, the company said. | |
| “With this incident now fully contained, we can assure customers this malware no longer presents a threat to shoppers at Michaels or Aaron Brothers,” Michaels chief executive Chuck Rubin said in a statement. | |
| Michaels said it would offer customers free credit monitoring services for one year. | Michaels said it would offer customers free credit monitoring services for one year. |
| This is the company’s second security breach. The first incident occurred in May 2011, when criminals tampered with 90 PIN pads at stores across the country to steal customers’ payment card information. | |
| Michaels is one of several major retailers — including Target and Neiman Marcus — that were hit by data breaches last year. The attacks have cast a spotlight on the vulnerability of the nation’s magnetic-stripe payment card system as well as the necessity for a uniform breach notification law that would require companies to tell their customers as soon as they discover a breach. The current system is governed by a patchwork of state-level laws. | |
| Retailers and banks formed a working group earlier this year to combine information and security measures that may help prevent future attacks. | |
| More business news: | More business news: |
| Sally Beauty confirms data breach | |
| Report: Target’s customer traffic hurt by data breach | |
| Hate shopping at these stores? You’re not alone. | Hate shopping at these stores? You’re not alone. |