DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

(update) Michaels Stores finds tampered PIN pads in 20 states

Posted on May 11, 2011 by Dissent

As noted yesterday by Brian Krebs, the Michaels Store breach appears to be significantly larger than what was originally reported on May 4.  NBC in Chicago reports:

The Irving, Texas-based company reports it removed 7,200 PIN pads from stores as a precautionary measure. Of those removed, less than 90 devices (or 1percent of the total devices) were identified as being compromised.

“The company has commenced replacing these PIN pads in all US stores,” Michaels said in an official statement, “and expects the replacement to be completed within the next 15 days.”

The list of 20 states with PIN pad tampering includes Illinois, Georgia, North Carolina, Ohio, Virginia, New Mexico, Iowa, Delaware, Colorado, Pennsylvania, Rhode Island, Utah, New Jersey, Nevada and Washington.

Gregory Karp of the Chicago Tribune adds:

llinois was hit the hardest, with PIN pads compromised in 14 Michaels stores, all in the Chicago region. They are Bloomingdale, Burbank, Chicago Ridge, Downers Grove, Glenview, Gurnee, McHenry, Mount Prospect, Naperville, Niles, Norridge, Skokie, Vernon Hills and Willowbrook.

The fraud attack has led many banks to proactively freeze bank accounts of customers they think may be vulnerable. For example, Marquette Bank, with 24 branches in the Chicago region, said 1,900, or 3 percent, of its customers were identified as potential victims, meaning they made a PIN-based debit card transaction at Michaels over the past six months.

“We were able to identify fraud early, before Michaels went public with their data breach, so we were able to avoid large losses,” said bank spokesman Jeff McDonald. The bank posted warnings on its Web page and on social media site Twitter, while it also called customers, sent letters and began proactively replacing debit cards of some customers. “Unfortunately, we have become experts in addressing these issues quickly with minimal customer inconvenience after dealing with past retail store breaches,” he said.

[…]

Credit Union 1 recently posted a warning on its website: “Due to an enormous surge in fraudulent ‘Pin based’ ATM transactions in California throughout the financial industry, Credit Union 1 has shut down the availability of ‘Pin based’ ATM transactions in California only. Effective immediately, when a ‘Pin based’ transactions occurs in California, your Credit Union 1 Visa Debit card will be ‘flagged and will not be able to be used again.”

A list of stores known to be affected are included in Michaels Stores’ official statement on pages 2 and 3.

This whole incident is reminiscent of the breaches involving  Hancock Fabrics and ALDI.

Category: Breach IncidentsBusiness SectorID TheftSkimmersU.S.

Post navigation

← (follow-up) Romanian national sentenced in PNC skimming case
Database of Fox Employees’ Passwords and Emails Leaked →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Why Dumping Sensitive Data on Network Shares is a Liability
  • A militarily degraded Iran may turn to asymmetrical warfare – raising risk of proxy and cyber attacks
  • Pro-Russian hackers disrupt Dutch government websites ahead of NATO summit
  • Iran-Linked Threat Actors Leak Visitors and Athletes’ Data from Saudi Games
  • UK: Oxford City Council still investigating cyberattack from earlier this month
  • Steelmaker Nucor Says Hackers Stole Data in Recent Attack
  • People’s Republic of China cyber threat activity: Cyber Threat Bulletin
  • Ukrainian Web3 security auditing company Hacken suffered an attack that allowed a hacker to create 900 million HAI tokens
  • McLaren provides written notice to 743,131 patients after ransomware attack in July 2024 (2)
  • A state forensics lab was leaking its files. Getting it locked down involved a number of people.

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • Sky Views Personal Data as a Potential Weapon in IPTV Piracy War
  • Florida Used a Nationwide Surveillance Camera Network 250 Times To Aid in Immigration Arrests
  • Federal Court Strikes Down HIPAA Reproductive Health Care Privacy Rule
  • The Markup caught 4 more states sharing personal health data with Big Tech
  • Privacy in the Big Sky State: Montana’s Consumer Privacy Law Gets Amended
  • UK Passes Data Use and Access Regulation Bill
  • Officials defend Liberal bill that would force hospitals, banks, hotels to hand over data

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.