TLJ News from January 21-25, 2014

More News

1/25. On January 25, 2014, Michaels Stores, an arts and crafts retailer, announced in a release that "We recently learned of possible fraudulent activity on some U.S. payment cards that had been used at Michaels, suggesting we may have experienced a data security attack." Michaels Stores placed a notice at the top of its web site's entry page.


House Commerce Committee Democrats Write Target Regarding Data Breach

1/23. Rep. Henry Waxman (D-CA), Rep. Diane DeGette (D-CO), and Rep. Jan Schakowsky (D-IL) sent a letter to Target CEO Gregg Steinhafel regarding Target's recent disclosure of a data breach involving millions of customers' credit card, payment card, and other data. This letter is a request for production of documents.

The three Representatives are senior Democratic members of the House Commerce Committee (HCC). They stated that the HCC will hold a hearing "on this breach and the overall impact of data breaches on consumers during the first week in February".

(The Senate Judiciary Committee (SJC) will hold a hearing on Tuesday, February 4, 2014. See, notice.)

They wrote that "This breach is particularly significant because of its unprecedented scope and scale. More than one-fifth of Americans may be affected". They continued that "Questions remain about how exactly this attack was carried out, who was responsible, whether it could have been prevented, how Target responded, and how retailers and customers can protect themselves going forward."

They also requested that Target promptly produce numerous documents.

See also, related stories in this issue titled "Data Breach Bills Introduced", "Target Discloses Data Breach", "Nieman Marcus Announces Data Breach", and "More Data Breach News".


Nieman Marcus Discloses Data Breach

1/22. On January 22, 2014, Neiman Marcus, a posh department store chain, announced in a release that "some of our customers' payment cards were used fraudulently after making purchases at our stores".

It elaborated that "While the forensic and criminal investigations are ongoing, we know that malicious software (malware) was clandestinely installed on our system. It appears that the malware actively attempted to collect or "scrape" payment card data from July 16, 2013 to October 30, 2013. During those months, approximately 1,100,000 customer payment cards could have been potentially visible to the malware. To date, Visa, MasterCard and Discover have notified us that approximately 2,400 unique customer payment cards used at Neiman Marcus and Last Call stores were subsequently used fraudulently."

It added that "Customers that shopped online do not appear to have been impacted" and "PINs were never at risk because we do not use PIN pads in our stores".

Neiman Marcus placed a notice at the top of its web site's entry page.