View all newsletters
Receive our newsletter - data, insights and analysis delivered to you

Michaels Stores confirms data breach, nearly three million cards affected

Latest retailer to succumb to highly sophisticated malware

By Vinod

American arts and crafts retailer Michaels Stores has confirmed a data security breach at its US stores and its wholly-owned subsidiary Aaron Brothers, affecting up to three million customers.

This is the second data breach incident at Michaels Stores since 2011 when reportedly 94,000 debit and credit card account numbers were stolen, reports The Verge.

The latest data breach occurred between 8 May 2013 and 27 January 2014, affecting up to 2.6 million cards, with potential impact on another 400,000 cards at Aaron Brothers unit, said to have occurred between 26 June 2013 and 27 February 2014.

More than 1,135 Michaels stores and 119 Aaron Brothers locations have been affected, which can be found on the company website.

In a statement on its website, Michaels Stores said," The computer hack involved highly sophisticated malware that had not been encountered previously by either of the security firms."

The retailer also noted that there is no evidence yet of any risk to personal data such as customers’ name or personal identification number, though information such as credit and debit card numbers and expiration dates have been exposed.

Michaels Stores is working with law enforcement authorities, banks and payment processors.

Content from our partners
Scan and deliver
GenAI cybersecurity: "A super-human analyst, with a brain the size of a planet."
Cloud, AI, and cyber security – highlights from DTX Manchester

Michaels Stores is the latest US retailer whose systems have been compromised in a series of high-profile breaches since last year, including Target and Neiman Marcus.

US retailers have called for the formation of an industry group for collecting and sharing intelligence in a bid to prevent future attacks.

The National Retail Federation recently announced creation of a platform to enable retailers to obtain and share information on online security threats.

Trade groups have also recommended adoption of EMV, a payment card technology widely used in Europe and considered safer, which relies on a small chip embedded in each card rather than a magnetic strip, as reported in the New York Times.

Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how Progressive Media Investments may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.