An arts and crafts retailer has revealed it’s the latest victim in a wave of cyber data breaches on American retailers.
Irving, Texas-based Michaels said it has learned of possible fraudulent activity on some payment cards used in the stores. The store did not give a time frame for the suspected data breach.
“We are concerned there may have been a security attack on Michaels that may have affected our customers’ payment card information and we are taking aggressive action to determine the nature and scope of the issue,” Chuck Rubin, CEO, said in a statement.
Meanwhile, high-end retailer Neiman Marcus—who earlier in January alerted customers of a breach—has released more details about it. According to a Jan. 22 statement, about 1.1 million customer payment cards might have been visible to malware secretly installed on the retailer’s point-of-sale terminals from July 16, 2013 to October 20, 2013.
Also Read: Could recent data breach wave cause market turning point?
Neiman Marcus said card issuers Visa, MasterCard and Discover have told the retailer about 2,400 payment cards used at Neiman Marcus and Last Call stores have been used fraudulently.
Social security numbers and birth dates were not stolen by hackers, said Neiman Marcus. Online shoppers “do not appear” to have been impacted by the breach. Furthermore, PIN numbers were “never at risk because we do not use PIN pads in our stores,” Neiman Marcus reported.
It is believed the malware installed on terminals at Neiman Marcus stores is the same malware that affected terminals at the nation’s third-largest retailer, Target, at the end of last year. Target disclosed its breach on December 19, announcing its systems were hacked from November 27 to December 15.
What was an incident potentially affecting 40 million Target customers has grown to a breach affecting as many as 110 million customers—about one third of the US population.
Michaels did not offer details on how it was breached nor did it estimate how many customers may have been affected. The stores said it is “working closely with federal law enforcement and is conducting an investigation with the help of third-part data security experts to establish the facts.”
It is not known if the Michaels breach is related to Target and Neiman Marcus. Following Neiman Marcus’ disclosure it was investigating a breach, Reuters reported, citing unnamed sources, that there are “at least three other well-known US retailers” involved.
This is not the first time Michaels is dealing with a data breach. In 2011 the retailer said a small amount of PIN pads in its stores showed signs of tampering. Michaels disabled and quarantined the machines and eventually replaced PIN pads in all of its US stores.
Chad Hemenway is Managing Editor of Advisen News. He has more than 15 years of journalist experience at a variety of online, daily, and weekly publications. He has covered P&C insurance news since 2007, and he has experience writing about all P&C lines as well as regulation and litigation. Chad won a Jesse H. Neal Award for Best Single Article in 2014 for his coverage of the insurance implications of traumatic brain injuries and Best News Coverage in 2013 for coverage of Superstorm Sandy. Contact Chad at 212.897.4824 or [email protected].
