Class Slams Michaels for Data Breach

PATERSON, N.J. (CN) – Michaels Stores took almost 3 months to warn customers that their debit cards’ PIN numbers may have been stolen by skimming devices in at least 20 states, a class action claims in Passaic County Court.

     The class claims that between Feb. 8 and May 6 this year “an unidentified third-party or third-parties tampered with Michaels payment processing equipment and gained access to the extremely sensitive financial information of thousands of Michaels consumers in at least twenty states.”
     The class claims the company “failed to take any commercially reasonable steps to safeguard its customers’ nonpublic, sensitive, personal and financial account information … making its consumers an easy target for third-party skimmers.”
     And, the class adds: “After the security breach occurred, Michaels further harmed its customers by delaying notifying them for almost three months after the security breach began. … On May 5, 2011, almost three months after the security breach occurred, the company sent the belated email alert to some of its customers.”
     What’s more, the email alert was less than honest, the class claims: “Despite knowing of the data breach for weeks, if not months, Michaels stated in the email alert, ‘Michaels has just learned that it may have been victim of PIN pad tampering in the Chicago area and that customer credit and debit card information may have been compromised.'”
     Michaels is an art supplies store that owns and operates more than 1,000 outlets in the United States and Canada.
     The class claims that the delay in issuing the alert “created a significantly greater risk” that “deprived customers of the opportunity to protect themselves and their personal information during that three-month time period.”
     Michaels acknowledged in May “that 90 individual PIN pads in Michaels’ 964 stores showed signs of tampering, and Michaels removed approximately 7,200 PIN pads comparable to the identified tampered PIN pads from its U.S. stores,” according to the complaint.
     One of the two named plaintiffs says her credit card was compromised when she used it to make a $3.19 purchase at a Michaels store in New Jersey.
     The named plaintiffs say that “at no time has Michaels offered any credit monitoring assistance” despite suggesting in a letter to customers that they may want to seek it.
     The class seeks monitoring services, compensatory, statutory and treble damages for negligence and violations of the Consumer Fraud Act. They are represented by Bruce Greenberg with Lite DePalma and Greenberg of Newark.

%d bloggers like this: