US Retail Giant Michaels Admits 3m Hit By Data Breach

Tom Brewster is TechWeek Europe’s Security Correspondent. He has also been named BT Information Security Journalist of the Year in 2012 and 2013.

Arts and crafts retailer says its stores, including Aaron Brothers outlets, had machines infected with malware

Another US retail firm has admitted to a severe data breach, as Michaels Stores said data relating to three million credit cards was compromised thanks to malware attacks on the firm.

A number of Michaels branches, which deal in arts and crafts, saw their point of sale terminals hacked, in much the same way Target stores were compromised. The attacks, which took place between 8 May 2013 and 27 January 2014, affected 2.6 million cards.

Malware was also found on machines at Aaron Brothers, a Michaels property, with 400,000 cards potentially affected.

Cyber attackAnother big retail data breach

The firm said it had “received a limited number of reports from the payment card brands and banks of fraudulent use of payment cards potentially connected to Michaels or Aaron Brothers”.

The affected data included payment card number and expiration date. There was no evidence other customer personal information, such as name, address or PIN were affected by the data breach.

“We are committed to assisting affected customers by providing fraud assistance, identity protection and credit monitoring services. Importantly, with this incident now fully contained, we can assure customers this malware no longer presents a threat to shoppers at Michaels or Aaron Brothers,” said Michaels CEO Chuck Rubin.

“In an era where very sophisticated and determined criminals have proven capable of successfully attacking a wide range of computer networks, we must all increase our level of vigilance. Michaels is committed to working with all appropriate parties to improve the security of payment card transactions for all consumers.”

Love IT security? Try our quiz!