Saturday, April 25, 2015
Current Weather
Loading Current Weather....
Published: Saturday, 1/25/2014

Crafts retailer Michaels is investigating data breach


SAN FRANCISCO — In what may be the latest in a continuing spate of cyberattacks on U.S. retailers, Michaels Stores said today that it was investigating a potential security breach involving customers’ credit card information.

Michaels, an arts and crafts retailer based in Irving, Texas, said it was looking into reports of fraudulent activity on credit cards belonging to its customers. But the company said it had not yet confirmed a breach, and did not say how many credit cards were potentially compromised. The retailer operates more than 1,000 stores in the United States and Canada.

The Secret Service is investigating the breach, and is conducting separate inquiries of recent breaches at Neiman Marcus and Target.

“Although the investigation is ongoing, based on the information the company has received and in light of the widely reported criminal efforts to penetrate the data systems of U.S. retailers, Michaels believes it is appropriate to let its customers know a potential issue may have occurred,” the company said in a statement.

If the breach is confirmed, Michaels will be the third major retailer — after Target and Neiman Marcus — to confirm that its systems were compromised after an investigation by Brian Krebs, a security blogger, who first reported today that Michaels had potentially experienced a breach.

The recent breach at Neiman Marcus may have compromised more than 1 million of its customers’ payment cards, while the Target breach affected 70 million to 110 million people. In both cases, malware was installed on the retailers’ systems, feeding customers’ payment details back to criminals’ computer servers.

The breaches at Neiman Marcus and Target are believed to have been perpetrated by the same group of criminals in Eastern Europe, and to be part of a broader cyberattack directed at as many as six other retailers, according to two people investigating the breaches who were not authorized to speak publicly.

Recommended for You

Guidelines: Please keep your comments smart and civil. Don't attack other readers personally, and keep your language decent. If a comment violates these standards or our privacy statement or visitor's agreement, click the "X" in the upper right corner of the comment box to report abuse. To post comments, you must be a Facebook member. To find out more, please visit the FAQ.