[Update] Michaels Provides Details About Debit Card Data Theft

Michaels Stores, Inc. has made public more details about the theft of customer bank account data from some of their stores via compromised debit card PIN pads.

The company has identified what it describes as “less than 90” PIN pads from its U.S. stores (less than 1% of the total in use) that appear to have been tampered with. The tampered pads were found spread through stores in 20 different states around the country. Visit the Michaels website for a full list of affected stores.

The company has also removed approximately 7,200 PIN pads from its stores that are similar to the tampered ones. Until these pads are replaced, customer credit and debit transactions will be processed directly on the register at the affected stores. Michaels Stores are also conducting security examinations of all Canadian store PIN pads as a precaution.

The latest from the investigation indicates that compromised PIN pad transactions occurred between February 8th and May 6th. Fewer than 100 Michaels customers have reported fraudulent transactions on their debit cards from the data theft, the company says.

Michaels said in a statement Thursday that the Secret Service has commended their response to the data theft. The company is still recommending that customers take precautions such as watching their bank statements for fraudulent transactions. Any unauthorized transactions should be reported to the card issuer.

8 Responses to [Update] Michaels Provides Details About Debit Card Data Theft

  1. Rene' May 15, 2011 at 3:15 am #

    I know i just read this on yahoo main page this is really terriable for thoses customers. I really hope they get a better in site to protect customers better.. hope they get there money back.. What i don’t get is they didn’t know about there pads you put your pin number into it…wouldn’t you have seen people messing with it..?

  2. Nicole May 15, 2011 at 9:45 am #

    I hope when they catch the thieves they are put away for a very long time. There has to be more than one person responsible. I hate to suggest it was an inside job but it seems so wide-spread that any other explanation seems improbable.

  3. Susan May 16, 2011 at 12:09 pm #

    I was impacted by this. No money was taken from my account, but my bank revoked my debit card. I was happy they were proactive, but I was terribly embarassed at a store (Hobby Lobby, in fact) when my card was rejected for a $5 purchase. I hadn’t gotten the message yet that my card was revoked. After this, I’m not going to use my PIN at any stores; I’ll just run it like a credit card.

    • Nancy Nally May 16, 2011 at 12:25 pm #

      I can tell you from experience that many stores will not allow you to use your debit card without a PIN. They pay higher transaction fees on credit transactions than they do on debit transactions, and when the store’s merchant processing computer detects that the card is a debit card it forces a debit PIN transaction to save the store money.

  4. Shannon May 23, 2011 at 9:00 am #

    I saw this report a couple weeks ago and didn’t think about it. Within 2 hours after leaving a Michael’s store in Arlington, Texas on May 21, my debit account was compromised. Someone in Sun Valley, Ca debited my account for $400, then tried to take another $900 in separate transactions ranging from $100 to $400 each. Chase Bank immediately caught the first one, which did go through and they immediately notified me via email. I thought the email could have been a spoof, so I called the number on the back of my card. They verified the fraud alert and guaranteed I’d receive the $400 back since it was a legitimate fraudulent transaction. The POS debit card machine looked normal and no signs it was tampered with. I cannot say it was Michael’s where my card information was stolen, but the case sounds very similar. I mentioned this article to the Chase agent, but they also cannot say it was Michael’s machine as the suspect until further investigation. Be VERY careful! For now, pay with cash.

  5. Megan May 25, 2011 at 11:56 pm #

    I was one of the Michael’s customers with my data stolen. I shopped at the only PA store that was tampered with on 4/12/11…lucky me! I got a call on 5/15/11 from my bank telling me they had frozen my account after $503 was withdrawn from my account at an ATM in Marina del Rey, CA. They even tried for another $200 after they got that but my bank declined it since I’ve never made even one transaction from CA much less two. Thankfully, I got my money back but it has been an inconvenience to say the least. I had to physically go into the bank to get a new card, fill out massive amounts of fraud paperwork and pay $20 for a copy of the police report for the bank. I will never use my Debit/PIN combination in a store, gas station pump or non-bank ATM again.
    To the comment above about stores not allowing you to use the credit option; I was told this by a bank staffer & a cashier: Swipe your card and the key pad comes up or asks you to enter PIN, hit cancel and then the credit option will pop up. Stores don’t offer the credit option first because they don’t want to pay the fee. According to them this is an option at most stores. I tried it at Wal-Mart the other day & it worked! Be safe out there!

    • Su June 12, 2011 at 3:20 pm #

      Megan–You should request that your bank reimburse you for the $20 fee the police department charged you for your copy whether by check or as a credit to your account. Especially since this was not something that you were able to control–this was a data compromise and depending if the amount they lost, they can file a complaint with Visa or MasterCard to get the money they lost back. And any fees that would have been charged by any ATM transactions are written off as they are just another way for the bank to make money for the ease of using another ATM. I work in the fraud department for a major bank. Not all banks require a copy of the police report unless they have suspicions about the charges. And anytime the customer the complains that a fee had to be paid to send information, we credit their account for those fees. It’s just they don’t tell you that. They prefer you ask since they know most people won’t. If they won’t give you the credit, at least you tried.

  6. Denise August 1, 2011 at 1:18 pm #

    I’m one of those that has been hit by this as well. $503.00 from an ATM in CA and another transaction close to $200.00 in CA as well this month. The company froze the second transaction as my bank caught the first transaction and had already given me a new card. Our bank gave us a refund for the $503.00. I’m working with the company on the second transaction to see if they can arrest the scumbags. Lucky for me the card was already cancelled so they couldn’t use it anymore without getting caught.

Let us know your thoughts!

This site uses Akismet to reduce spam. Learn how your comment data is processed.