Another major US retailer may have had customer credit card details fall victim to cyberattack. Michaels, which sells art and craft supplies at over 1,100 stores in the US and Canada, has just announced that it's working with federal law enforcement agencies and independent security analysts to investigate a potential data breach.
While the company says that it hasn't yet confirmed an actual breach, cyber security expert Brian Krebs — who has been closely monitoring the Target and Neiman Marcus attacks — says that Michaels does have reason to believe that data theft might have occurred. According to his sources, four different financial institutions traced hundreds of fradulent purchases back to cards that had been used at Michaels stores.
Krebs also writes that one fraud analyst in particular said fraudulent activity had also been seen around Aaron Brothers, a wholly-owned subsidiary of Michaels with 130 stores across the country.
"We believe it is in the best interest of our customers to alert them to this potential issue."
While we don't have confirmation of the Michaels breach or an idea of its scope — the Target breach affected up to 70 million customers' personal data, while the Neiman Marcus attack might have been a smaller 1.1 million payment cards — the company appears to be taking a better safe than sorry approach. "While we have not confirmed a compromise to our systems, we believe it is in the best interest of our customers to alert them to this potential issue so they can take steps to protect themselves, for example, by reviewing their payment card account statements for unauthorized charges," wrote Chuck Rubin, Michaels CEO.
It wouldn't be the first time for Michaels, after all. In 2011, thieves stole a reported 94,000 debit and credit card account numbers by replacing the PIN pads at at 84 Michaels stores across 20 different states. In 2012, two men were each sentenced to 60 months in prison for trying to use nearly 1,000 of those cards to withdraw money from ATMs.
The FBI is warning companies that these attacks will become more common in the future.