Share

Top 5 Stories

News

Michaels could face class action suit over data breach

26 May 2011

Brandi F. Ramundo, who had $1,300 stolen from her checking account as a result of the data breach at Michaels Stores, has filed a lawsuit in federal court charging the crafts store chain with lax information security.

Ramundo’s suit seeks class-action status, a jury trial, compensatory damages, and consequential and statutory damages, according to a report by BankInfo Security. The suit also demands that Michaels pay for card fraud monitoring services for consumers affected by the breach.

Earlier this month, Michaels Stores said that customer debit and credit card numbers and PINs had been stolen through PIN-pad tampering at its stores nationwide. The company disabled and quarantined suspicious PIN pads and removed around 7,200 of them from its stores.

In the suit filed in US District Court in Chicago, Ramundo charges that Michaels violated federal and state law by failing to take reasonable steps to safeguard its customers' personal financial data, including credit and debit card numbers and PINs.

“In essence, Michaels' security failure enabled cyber-pickpockets to steal customer financial data from within the retailer's stores and subsequently loot the customers' bank accounts from remote [ATMs],” the suit alleges, as quoted by ConsumerAffairs.com.

Ramundo said she used her Fifth Third Bank debit card to buy $19.35 worth of merchandise from a Michaels store on April 18. On May 3, her card was rejected when she tried to use it at a Costco store, according to the ConsumerAffairs.com report.

Ramundo telephoned the bank and was told that the card had been suspended because of “suspicious activity,” specifically three withdrawals totaling $1,300 from the account to which the card was linked. She contacted the police and learned that numerous other Michaels customers had filed similar complaints, the report said.

The class action seeks to represent all US residents who made an in-store purchase at Michaels and used a debit or credit card that was swiped through a PIN pad.

This article is featured in:
Compliance and Policy  •  Data Loss

 

Comment on this article

You must be registered and logged in to leave a comment about this article.

We use cookies to operate this website and to improve its usability. Full details of what cookies are, why we use them and how you can manage them can be found by reading our Privacy & Cookies page. Please note that by using this site you are consenting to the use of cookies. ×