Two charged in 2011 cyber breach at Michaels retailer

Thu Jul 30, 2015 5:36pm EDT
Email This Article |
Share This Article
  • Facebook
  • LinkedIn
  • Twitter
| Print This Article | Single Page
[-] Text [+]

By Jonathan Stempel and Nate Raymond

July 30 (Reuters) - Two southern Californians were criminally charged over their alleged roles in a conspiracy to steal 94,000 credit and debit card numbers from Michaels Companies Inc customers, in a prominent 2011 cyberattack affecting the largest U.S. arts and crafts retailer.

The charges against Angel Angulo, 25, of Riverside, and Crystal Banuelos, 28, of Bloomington, were announced on Thursday by U.S. Attorney Paul Fishman in New Jersey, where Michaels also has stores.

Fishman said the conspirators captured customers' bank account information and personal identification numbers by installing devices on 88 point-of-sale terminals in 80 Michaels stores across 19 U.S. states.

With the help of others, Angulo and Banuelos then produced counterfeit bank cards, and used them to withdraw more than $420,000 from automated teller machines, Fishman said.

The scheme lasted from February to May 2011, when the defendants possessed 179 counterfeit cards in New Jersey, and affected seven banks including Bank of America Corp, JPMorgan Chase & Co, Toronto-Dominion Bank and Wells Fargo & Co, Fishman said.

Angulo and Banuelos were each charged with conspiracy to commit bank fraud, which carries a maximum 30-year prison term and $1 million fine, and aggravated identity theft, which carries a maximum two-year term to be served consecutively.

It is unclear whether the defendants have hired lawyers. Angulo was scheduled to appear on Thursday in a Riverside federal court. Banuelos is at large.

A spokeswoman for Michaels did not immediately respond to requests for comment. The company is based in Irving, Texas.   Continued...