Michaels Investigating Possible Breach
Fraudulent Card Activity May Be Linked to Crafts RetailerArts and crafts retailer Michaels is looking into a possible data breach that may have led to fraudulent activity on U.S. payment cards that had been used by customers at Michaels stores.
See Also: Cybersecurity Awareness Engagement Toolkit: Elevate Your Security Culture
The company is working with federal law enforcement and third-party data security experts to establish the facts, Michaels said in a Jan. 25 press release.
"Although the investigation is ongoing, based on the information the company has received and in light of the widely-reported criminal efforts to penetrate the data systems of U.S. retailers, Michaels believes it is appropriate to let its customers know a potential issue may have occurred," Michaels says.
Michaels hasn't confirmed a compromise of its systems yet, the press release says.
"We believe it is in the best interest of our customers to alert them to this potential issue so they can take steps to protect themselves," says Michaels CEO Chuck Rubin.
When reached for comment, a spokesperson for Michaels said the press release is the extent to which the company is commenting at this time.
The news comes after two high-profile breaches affecting Target Corp. and Neiman Marcus.
Headquartered in Irving, Texas, Michaels has more than 1,105 craft stores in the United States and Canada.
2011 Incident
The company has been impacted by large-scale security incidents in the past. In 2011, banking institutions reported tens of thousands of fraudulent transactions linked to consumers who had visited Michaels craft stores that were affected by the breach [see: Michaels Breach: Fraudsters Sentenced].
POS and PIN-entry devices at 84 locations in 20 states were later found to have been swapped out with devices manipulated to collect card numbers and PINs. Investigators say 94,000 debit and credit cards were affected by the breach.