MICHAELS CONFIRMS BREACH
Michaels Stores Inc. said Thursday that about 2.6 million cards, or about 7 percent of all debit and credit cards used at its namesake stores, may have been affected in a security breach. The arts and crafts chain said its subsidiary Aaron Brothers was also attacked, with about 400,000 cards potentially affected.
Irving, Texas-based Michaels said that it has contained the incident, which began last year. It has received “limited” reports of fraud from banks and the payment card brands that are potentially connected to the breach.
The compromised data includes customer information such as payment card numbers and expiration dates. But there’s no evidence that other personal information such as names, addresses or PIN numbers were at risk, Michaels said.
— Associated Press
Secret Service investigators say they are close to gaining a full understanding of the methods hackers used to breach Target’s computer systems last December.
But the agency says it could take years to identify the criminals who stole about 40 million debit and credit card numbers of Target shoppers and other personal information from as many as 70 million people in the pre-Christmas breach.
And it may take even longer to bring the offenders to justice. The federal investigation is complicated by the international nature of high-profile digital heists. The perpetrators are likely overseas, which makes extradition and prosecution difficult. As a result, the Secret Service is focused on monitoring the online activities of its suspects, in hopes that they’ll be able to arrest them at an opportune moment, says Ari Baranoff, an assistant special agent in charge with the Secret Service’s criminal investigative division.
“We take a lot of pride in having a lot of patience,” Baranoff said. “There are individuals we’ve apprehended that we’ve known about for 10 years and we’re very comfortable indicting these individuals, sitting back and waiting patiently until the opportunity arrives that we can apprehend them.”
Target says it can’t yet estimate what the breach will cost the company, but some analysts put it at close to half a billion dollars. The total cost of the breach —which also would include losses incurred by banks, consumers and others— could easily reach into the billions of dollars.
Target, which is in the midst of its own investigation, has said very little about how the breach happened, except that it believes the thieves gained entry to its systems by infiltrating computers owned by one of its vendors, thought to be a Pittsburgh-area heating and refrigeration business.
Further complicating matters, Baranoff says the vast majority of high-level cybercriminals tend to be Russian speakers based in former Soviet and Eastern European countries, which largely puts them out of the reach of U.S. authorities.
But the Secret Service has strong ties with cybercrime agencies in many countries — including The Netherlands, Germany and the United Kingdom — and has found others to be helpful as well, even if they don’t have extradition treaties with the United States.
While best known for protecting the president, the Secret Service was originally formed to investigate crimes related to counterfeit currency. The passage of the Patriot Act following the Sept. 11 terrorist attacks expanded its role in investigating computer-related crimes.
About the Author
