Data Breach: Michaels Stores

Accessories for paintingMichaels Stores, Inc. is now reporting that two separate 8-month long security breaches at its stores last year may have exposed as many as 3 million customer credit and debit cards.  The company says there is no evidence that other customer personal information, such as name, address or debit card PIN, was at risk in connection with this issue.  Reportedly, the security firms Michaels hired to investigate the “break-ins” found nothing but the ultimate analysis confirmed the attacks “using highly sophisticated malware that had not been encountered previously by either of the security firms.”  In a press release dated April 17, 2014, the company states: “The Company has now identified and fully contained the incident, and the malware no longer presents a threat while shopping at Michaels or Aaron Brother.”  Following the disclosures regarding Target and Neiman Marcus, in January of this year, Michaels Stores had previously reported that it was investigating a potential security breach involving customers’ credit card information.

The Target breach involved thieves planting malware on cash registers; the malware was designed to siphon card data when customers swiped the cards at the cash register.  According to the information released by Michaels, it appears that the affected systems contained certain payment card information, card number and expiration date, but that there was no evidence that other customer personal information (name, address, debit card PIN) was at risk.

See press release: http://www.businesswire.com/news/home/20140417006352/en/Michaels-Identifies-Previously-Announced-Data-Security-Issue#.U1Fa8fldV1Z

See information regarding nature/scope of breach:

https://krebsonsecurity.com/2014/04/3-million-customer-credit-debit-cards-stolen-in-michaels-aaron-brothers-breaches/

 

michaels

Apple, Facebook, Twitter: Mobile App Development Leads to Hacking?

wateringholeStock_000006594898XSmall spearStock_000004731498XSmall

Watering Holes and Spear Phishing

From AllThingsD:

http://allthingsd.com/20130219/this-is-the-site-likely-responsible-for-the-recent-major-tech-company-hacks/

“A ‘watering hole’ attack, in that it’s launched from a centralized, popular location that many people visit across multiple industries.”

Twitter reports at least 250,000 accounts affected.  Attack reportedly originated in Eastern Europe:

http://www.theverge.com/web/2013/2/19/4006868/hackers-exploit-java-vulnerability-apple-facebook-twitter#apple-facebook-and-twitter-hacks-reportedly-originated-in-eastern