2.6M Cards Compromised, Michaels Says
The crafts retail chain Michaels Stores on Friday revealed the details of an eight month data security breach that compromised data at its stores and those of a subsidiary retail chain.
The company initially acknowledged the breach in January, but did not reveal any details at that time. This is the second breach for the chain, the first having occurred in 2011.
In a press release, Michaels said that its stores and those of Aaron Brothers, its custom framing subsidiary, had been attacked in the breach and that payment card numbers and expiration dates had been compromised. PINs were not compromised, the firm said.
The company revealed breaches at Michaels stores took place between May 8, 2013, and January 27, 2014, but did not involve all the chain's stores at the same time. Breaches at Aaron Brothers stores were also intermittent over the eight month period.
“Only a small percentage of payment cards used in the affected stores during the times of exposure were impacted by this issue,” Michaels said. “The analysis conducted by the security firms and the Company shows that approximately 2.6 million cards may have been impacted, which represents about 7% of payment cards used at Michaels stores in the U.S. during the relevant time period.”
The company also reported having only received limited numbers of reports of fraud from cards that may have been compromised at its stores, but added any cases are too many.
“Our customers are always our number one priority and we are truly sorry for any inconvenience or concern Michaels may have caused,” said CEO Chuck Rubin. “We are committed to assisting affected customers by providing fraud assistance, identity protection and credit monitoring services. Importantly, with this incident now fully contained, we can assure customers this malware no longer presents a threat to shoppers at Michaels or Aaron Brothers.”
Mr. Rubin added, “In an era where very sophisticated and determined criminals have proven capable of successfully attacking a wide range of computer networks, we must all increase our level of vigilance. Michaels is committed to working with all appropriate parties to improve the security of payment card transactions for all consumers.”