If you can stretch your memory all the way back to the spring of 2011, before data breaches seemed commonplace, perhaps you will recall when Michaels warned customers that PIN pad information at some of its stores might have been exposed. Now, a California man has admitted his role in a conspiracy to swipe 94,000 credit and debit card numbers from customers at around 80 Michaels stores.
According to acting U.S. Attorney William E. Fitzpatrick, the man pleaded guilty in New Jersey federal court to an indictment [PDF] charging him with conspiracy to commit bank fraud and aggravated theft.
The man and his co-conspirators are accused of installing wireless skimming devices that stole customers’ bank account and PIN information from point-of-sale terminals at Michaels stores. Once they had that info, they used it to create counterfeit bank cards and withdraw cash.
In April and May 2011, the defendants allegedly replaced 88 POS terminals in 80 different stores in 19 states, authorities said.
He’s now facing a maximum potential penalty of 30 years in prison and a $1 million fine for the charge of conspiracy to commit bank fraud, as well as a mandatory penalty of two years in prison, to be served consecutively to any other sentence, for the charge of aggravated identity theft.
One of his co-conspirators pleaded guilty to her role in the scheme previously and awaits sentencing.