Newsroom
April 18, 2014
Michaels says breaches affect up to 3 million cards
April 21, 2014 – The revelation that up to 3 million payment cards may have been affected
in breaches at Michaels and its subsidiary Aaron Brothers stores
serves as a reminder that consumers remain vulnerable without federal
data security standards for merchants, NAFCU President and CEO Dan
Berger said Friday.
"In light of this and the numerous other large-scale data breaches occurring on the heels of major breaches at Target and Neiman Marcus over the holidays, it is clear that Congress must take action to protect consumers' financial information," Berger wrote in a letter to House and Senate leaders.
Last week, Michaels confirmed that the breach, which the company hinted at in January, was accomplished with malware and may have affected 2.6 million cards used at Michaels stores from May 8, 2013, through Jan. 27, 2014, and about 400,000 cards used at its Aaron Brothers stores from June 26, 2013, through Feb. 27, 2014.
Credit unions and other financial institutions are already subject to minimum data protection requirements under the Gramm-Leach-Bliley Act. NAFCU, the first national trade group to call for action in the wake of the Target breach, continues to press for action on merchant data protection standards and breach notification requirements.
Berger's letter went to Senate Majority Leader Harry Reid, D-Nev., and Minority Leader Mitch McConnell, R-Ky.; and House Speaker John Boehner, R-Ohio, and Minority Leader Nancy Pelosi, D-Calif.
"In light of this and the numerous other large-scale data breaches occurring on the heels of major breaches at Target and Neiman Marcus over the holidays, it is clear that Congress must take action to protect consumers' financial information," Berger wrote in a letter to House and Senate leaders.
Last week, Michaels confirmed that the breach, which the company hinted at in January, was accomplished with malware and may have affected 2.6 million cards used at Michaels stores from May 8, 2013, through Jan. 27, 2014, and about 400,000 cards used at its Aaron Brothers stores from June 26, 2013, through Feb. 27, 2014.
Credit unions and other financial institutions are already subject to minimum data protection requirements under the Gramm-Leach-Bliley Act. NAFCU, the first national trade group to call for action in the wake of the Target breach, continues to press for action on merchant data protection standards and breach notification requirements.
Berger's letter went to Senate Majority Leader Harry Reid, D-Nev., and Minority Leader Mitch McConnell, R-Ky.; and House Speaker John Boehner, R-Ohio, and Minority Leader Nancy Pelosi, D-Calif.
Share This
Related Resources
Data Privacy Issue Brief
Whitepapers
Data Privacy Issue Brief
Whitepapers
NAFCU Data Privacy Principles
Whitepapers
Compliance Monitor - August 2018
Newsletter
Get daily updates.
Subscribe to NAFCU today.