Michaels Breach Bigger than Reported

[security curmudgeon <jericho () attrition org>]

---------- Forwarded message ----------
From: InfoSec News <alerts () infosecnews org>

http://www.bankinfosecurity.com/articles.php?art_id=3628

By Tracy Kitten
Managing Editor
Bank Info Security
May 12, 2011

The Michaels debit breach is much bigger than the company initially 
thought.

Michael Stores initially reported that a scheme, in which point-of-sale 
pads customers use to key in their personal identification numbers, was 
isolated to Chicago, but on Tuesday the arts and crafts supplies retailer 
issued a statement that said nearly 90 stores in 20 states, stretching 
from Rhode Island to Washington, were affected.

The breach was first linked to a select group of Chicagoans who reported 
dings to bank accounts after their debit cards were allegedly copied 
during recent transactions at area Michaels craft stores. The Secret 
Service is investigating. Investigators believe legitimate PIN pads were 
traded or swapped out for PIN pads that skim and collect card details.

As a precautionary measure, Michaels has removed some 7,200 PIN pads from 
most of its 964 U.S. stores and expects replacements to be completed 
within the next 15 days. As a precautionary measure, PIN pads in Michaels 
Canadian locations are being screened as well.

[...]
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://datalossdb.org/mailing_list

Learn encryption strategies that manage risk and shore up compliance.
Download Article 1 of CREDANT Technologies' The Essentials Series:
Endpoint Data Encryption That Actually Works
http://credant.com/campaigns/realtime2/gap-LP1/