There Was Another Big Cyber Heist This Weekend — And That's a Troubling Sign

The news: Craft store Michaels appears to be the latest victim of a massive security breach after "hundreds" of credit cards used at its locations were subsequently used to make fraudulent purchases. The stolen cards were typically used at big box stores like Best Buy and Target, where the thieves made off with thousands of dollars of retail goods.

If confirmed, Michaels would be the latest large retailer to fall before a dedicated attack. In November, criminals stole the credit card numbers of over 40 million customers and personal information for over 70 million. And malware on point-of-sale systems caused retailer Nieman Marcus to expose 1.1 million payment cards to hackers.

A fraud analyst at a large credit processor told security journalist Brian Krebs that "What’s interesting is there’s another [arts and framing] store called Aaron Brothers, and within past week or two there was a lot of activity talking about Aaron Brothers."

"One of the things I learned the other day is that Aaron Brothers is wholly owned by Michael’s. It really does look like kind of the way we saw the Target breach spin up, because the fraud here isn’t limited to one store or one area, it’s been all over the place."

CEO Chuck Rubin issued the following statement:

"The Company is working closely with federal law enforcement and is conducting an investigation with the help of third-party data security experts to establish the facts. Although the investigation is ongoing, based on the information the Company has received and in light of the widely-reported criminal efforts to penetrate the data systems of U.S. retailers, Michaels believes it is appropriate to let its customers know a potential issue may have occurred."

How it works: Data can be stolen in any number of ways ranging from direct theft to sophisticated technical operations. Last week, massive fraud hit 40% of the entire population of South Korea after an employee at the Korea Credit Bureau copied data onto an external hard drive over the course of a year and a half. The Target breach "appears to have resulted from Windows-compatible BlackPOS (a.k.a. Kaptoxa) malware running on payment processing servers, and siphoning 11 GB of card data from POS terminals, via FTP, to a server in Russia." In other words, the hackers managed to infect the terminals that read credit cards. And then there's classic phishing techniques like sending spam emails that look remarkably like actual retailer communications in order to obtain credit card data.

"You now can receive e-mails that will look a lot like an e-mail from Target or an e-mail  from your bank that will lead you to a website that will ask for your log-n credentials including your password. And those sites could potentially be from he hackers who stole your e-mail address," said Yaron Samid, who runs a fraud protection service.

Generally, the ones pulling off the heists aren't the ones who make fraudulent purchases. Often, the stolen cards are auctioned off in lots, sometimes at low prices. Data can go through several parties before reaching your typical run-of-the-mill petty criminals, so it's often very difficult to trace organized theft back to the original hackers.

What companies are doing to prevent fraud: Obviously, not enough. Major tech companies are now encrypting your data, as surveyed by IT World:


But direct theft from corporate servers or malware installed on physical hardware within the stores themselves wouldn't be prevented by encryption, which only makes it more difficult for third parties like criminals or more ominously the NSA to access private data. Vigilance, common sense, and a constant eye for protecting your personal data is the only surefire way to lower your risk of identity theft.

How likely are you to make Mic your go-to news source?

Tom McKay

Tom is a staff writer at Mic, covering national politics, media, policing and the war on drugs. He is based in New York and can be reached at tmckay@mic.com.

MORE FROM

Kshama Sawant on why Seattle needs an independent investigation into the Charleena Lyles shooting

Seattle City Councilperson Kshama Sawant, member of Socialist Alternative party, discusses the Charleena Lyles investigation, tenant voter registration, why Hillary Clinton lost in 2016 and more.

The EPA seeks to undo clean water rule, putting 117 million Americans' water at risk

The new rule could have "long-reaching consequences for everyone living in the United States.”

This small Ohio town might stop treating heroin overdoses to save the city money

"People will die. It's plain and simple."

Here's what New York's first official LGBTQ monument will look like

Here's our first look at New York's new monument to LGBT communities.

How will Trump's travel ban be enforced? Here's what the Supreme Court's decision really means.

The Supreme Court's order prevents most of the ban from taking effect before the case is heard, with limited exceptions.

Tick saliva could be the key to fighting a dangerous heart condition

Ticks could hold the secret to treating this heart condition.

Kshama Sawant on why Seattle needs an independent investigation into the Charleena Lyles shooting

Seattle City Councilperson Kshama Sawant, member of Socialist Alternative party, discusses the Charleena Lyles investigation, tenant voter registration, why Hillary Clinton lost in 2016 and more.

The EPA seeks to undo clean water rule, putting 117 million Americans' water at risk

The new rule could have "long-reaching consequences for everyone living in the United States.”

This small Ohio town might stop treating heroin overdoses to save the city money

"People will die. It's plain and simple."

Here's what New York's first official LGBTQ monument will look like

Here's our first look at New York's new monument to LGBT communities.

How will Trump's travel ban be enforced? Here's what the Supreme Court's decision really means.

The Supreme Court's order prevents most of the ban from taking effect before the case is heard, with limited exceptions.

Tick saliva could be the key to fighting a dangerous heart condition

Ticks could hold the secret to treating this heart condition.