Michaels “Possible” Data Breach

Irving, TXWith consumers still reeling from Target and Nieman-Marcus data breaches , Michaels, the biggest arts and crafts retailer in the US, says its computer system that processes payment cards may have suffered a “data security attack”.

In a statement issued Saturday by the retailer's CEO Chuck Rubin, Michaels has learned of "possible fraudulent activity" on an undetermined amount of its US customers' payment cards, which indicates there may have been a breach. Besides not disclosing any more information regarding how many customers could be involved in the possible breach, Michaels has also not said when customers potentially affected by the breach shopped at the stores and if online or in-store shoppers or both could be involved.

Rubin added that customers should protect themselves by reviewing their account statements for unauthorized charges. Before Rubin made any announcements, however, security blogger Brian Krebs (krebsonsecurity.com) first reported the possible attack on Friday.

Krebs pointed out that this isn’t the first time Michaels has been cyber-attacked. In May 2011 the retailer announced that “crooks had physically tampered with some point-of-sale devices at store registers in some Chicago locations, although further investigation revealed compromised POS devices in stores across the country, from Washington, D.C. to the West Coast."

Regardless whether a breach has occured, Michaels Stores Inc. says it is working with federal law enforcement and data security experts.

The Target attack at the end of 2013, which affected up to 110 million customers, has resulted in a Target data breach class action lawsuit.

Michaels says it operates more than 1,100 stores in the US and Canada.