Michaels Stores says it is investigating a possible company data security breach that may have affected its customers’ payment card information.The Irving, Texas-based company said Saturday that it launched the probe after learning of possible fraudulent activity on some U.S. payment cards used at the home decor and crafts retailer.
“We are concerned there may have been a data security attack on Michaels that may have affected our customers’ payment card information and we are taking aggressive action to determine the nature and scope of the issue.” Michaels CEO Chuck Rubin said in a statement emailed to USA TODAY.
Michaels is working with federal law enforcement and data security experts but has yet to confirm that its systems were compromised. The company also has hired an independent forensics firm to help with the investigation. No details are available about the possible size of the breach.
Rubin suggests Michaels customers take steps to protect themselves, such as reviewing their account statements for unauthorized charges. Michaels has more than 1,250 locations in the United States.
On Saturday afternoon, Brian Krebs, an independent Internet security researcher, blogged about the probe, citing unnamed banking industry sources.
KrebsonSecurity, Krebs’ blog that tracks Internet security investigations, said the probe was discovered Friday. “Multiple sources in the banking industry say they are tracking a pattern of fraud on cards that were all recently used at Michaels,” his blog post said.
Michaels is the third major retailer in the past month or so that has been identified as the victim of a credit card cyber attack. In December, Target revealed that it had been attacked and later disclosed that the breach may have affected up to 110 million shoppers. Earlier this month, luxury retailer Neiman Marcus said more than 1 million shoppers had been affected by a breach that affected its computer software that runs its cash registers.
Law enforcement officials and several cybersecurity experts have warned of more attacks on retailers.