Class Slams Michaels for Data Breach

Chris Fry reports on yet another potential class action lawsuit against Michaels Stores – and it includes a timeliness-of-notification claim:

Michaels Stores took almost 3 months to warn customers that their debit cards’ PIN numbers may have been stolen by skimming devices in at least 20 states, a class action claims in Passaic County Court.

The class claims that between Feb. 8 and May 6 this year “an unidentified third-party or third-parties tampered with Michaels payment processing equipment and gained access to the extremely sensitive financial information of thousands of Michaels consumers in at least twenty states.”

The class claims the company “failed to take any commercially reasonable steps to safeguard its customers’ nonpublic, sensitive, personal and financial account information … making its consumers an easy target for third-party skimmers.”

And, the class adds: “After the security breach occurred, Michaels further harmed its customers by delaying notifying them for almost three months after the security breach began. … On May 5, 2011, almost three months after the security breach occurred, the company sent the belated email alert to some of its customers.”

What’s more, the email alert was less than honest, the class claims: “Despite knowing of the data breach for weeks, if not months, Michaels stated in the email alert, ‘Michaels has just learned that it may have been victim of PIN pad tampering in the Chicago area and that customer credit and debit card information may have been compromised.’”

Read more on Courthouse News. The New Jersey case is Rosenfeld v. Michaels Stores.

About the author: Dissent