Michaels Stores’ security breach affected over 3 million credit cards

By  | 

Michaels Stores on Thursday confirmed that there was a security breach of certain payment card processing systems at its US stores and its subsidiary, Aaron Brothers.

Michaels Stores Inc, one of the US’s biggest art and crafts retailer firms, had earlier said in January that it was working with federal law enforcement officials to investigate a possible data breach.

According to Michaels, the security breach which apparently took place between May 8, 2013 and January 27, 2014, may have affected about 2.6 million cards, or about 7 percent of payment cards used at its stores during the period.

While another round of security breach on Aaron Brothers’ payment systems from June 26, 2013 to February 27, 2014, is said to have impacted about 400,000 cards.

“We encourage you to actively monitor all of your payment card account activity and immediately contact your bank or card issuer if the you notice any suspicious activity,” Chuck Rubin, CEO for Michael Stores, said.

“In an era where very sophisticated and determined criminals have proven capable of successfully attacking a wide range of computer networks, we must all increase our level of vigilance. We are committed to working with other parties to improve the security of payment card transactions for all consumers.”

The retailer said the systems were attacked by hackers using highly sophisticated malware that neither of the security firms hired to investigate the breaches had previously encountered.

The company has posted details about the specific Michaels stores and Aaron Brothers stores that were targeted and at what times they were vulnerable, so that customers can go and check to see if their credit card info was potentially hacked.

Michaels Stores noted the affected systems contained customer’s payment card number and expiry date however it said that there was no evidence that data such as customers’ other personal information, such as name, address or personal identification number were at risk.

The company said it is offering affected customers 12 months of identity protection, credit monitoring, and fraud assistance services at free of cost.