Reuters interviewed me and published a story called “Expert cites new hack tactic in Michaels data breach”:
Ottenheimer estimated that Michaels was likely facing tens of thousands or even hundreds of thousands of dollars in costs related to replacing the 7,200 PIN pads, including training employees to regularly check that the equipment has not been compromised.
I’m glad they included the security procedures comment, although I sound more conservative than I realised at the time. The cost breakdown of their upgrade is affected by many factors, such as planned depreciation of existing equipment, logistics and shipping, and installation and configuration of the hardware/software.
But PIN pad security and compliance are not just about the technology. Michaels management will also have to update and test their procedures and provide company-wide training to prevent or detect further compromise. That is why a new replacement estimate could easily reach into the hundreds of thousands, unless it was already in the plan and budget, as I explained previously.