Back in January, arts and crafts retail giant Michaels announced that it was investigating a potential security breach, and now the company has confirmed that millions of credit cards may have been compromised by a cyberattack. The company says that the attack targeted its point-of-sale systems at a “varying number” of stores from May 8th, 2013 through January 27, 2014. Overall, some 2.6 million credit and debit cards may have been affected, which is about seven percent of cards used in its stores over that timeframe.
Michaels Stores, Inc. (the “Company” or “Michaels”) today provided an update on its ongoing investigation into the data security issue it previously reported. In January, the Company learned of possible fraudulent activity on some U.S. payment cards that had been used at Michaels stores. Since the announcement, the Company retained two independent, expert security firms to conduct an extensive investigation. The Company also has been working closely with law enforcement authorities and coordinating with banks and payment processors to determine the facts. After weeks of analysis, the Company discovered evidence confirming that systems of Michaels stores in the United States and its subsidiary, Aaron Brothers, were attacked by criminals using highly sophisticated malware that had not been encountered previously by either of the security firms.