Michaels says breaches affect up to 3 million cards
B. Dan Berger
April 21, 2014 – The revelation that up to 3 million payment cards may have been affected
in breaches at Michaels and its subsidiary Aaron Brothers stores
serves as a reminder that consumers remain vulnerable without federal
data security standards for merchants, NAFCU President and CEO Dan
Berger said Friday.
“In light of this and the numerous other
large-scale data breaches occurring on the heels of major breaches at
Target and Neiman Marcus over the holidays, it is clear that Congress
must take action to protect consumers’ financial information,” Berger
wrote in a letter to House and Senate leaders.
Michaels confirmed that the breach, which the company hinted at in
January, was accomplished with malware and may have affected 2.6 million
cards used at Michaels stores from May 8, 2013, through Jan. 27, 2014,
and about 400,000 cards used at its Aaron Brothers stores from June 26,
2013, through Feb. 27, 2014.
Credit unions and other financial
institutions are already subject to minimum data protection requirements
under the Gramm-Leach-Bliley Act. NAFCU, the first national trade group
to call for action in the wake of the Target breach, continues to press
for action on merchant data protection standards and breach notification requirements.
letter went to Senate Majority Leader Harry Reid, D-Nev., and Minority
Leader Mitch McConnell, R-Ky.; and House Speaker John Boehner, R-Ohio,
and Minority Leader Nancy Pelosi, D-Calif.
"After another data breach, Congress pressed to act," 4/18/14