Another major US retailer may have been the victim of a data breach aimed at customers’ debit and credit cards. After Target Corporation found itself in hot waters for the compromising of 40 million payment cards in December, as well as the subsequent revelation in mid-January that the personal information of 70 million customers was also compromised in the attack, Michaels announced on Saturday that it may have been hit by a similar attack.
The operator of over 1,000 retail locations, Michaels is one of the largest purveyors of arts and craft supplies in North America. According to a statement released by the chain on January 25, shoppers at any of those locations could have been exposed to a data leak which could put their credit or debit cards at risk. The company says it is working closely with federal law enforcement officials and third-party data security experts to determine the cause of possible fraudulent activity reported on some US cards which had been used at Michaels locations.
“We are concerned there may have been a data security attack on Michaels that may have affected our customers’ payment card information and we are taking aggressive action to determine the nature and scope of the issue,” said CEO Chuck Rubin. “While we have not confirmed a compromise to our systems, we believe it is in the best interest of our customers to alert them to this potential issue.”
It has not yet been determined whether an actual data breach did occur, but the retailer says it wants to take every precaution, including giving its customers fair warning that such an incident could have happened, and that shoppers should take every safety precaution to protect their credit cards and bank accounts.
Michaels’ announcement of a possible attack comes just days after the FBI issued a warning for retailers to prepare for more cyber attacks in the near future. The FBI’s warning noted that it had uncovered about 20 hackings in just the past year involving malware similar to that used in this fall’s attack on Target.
“We believe POS [Point of sale] malware crime will continue to grow over the near term, despite law enforcement and security firms’ actions to mitigate it,” the FBI said in a report issued to retailers and uncovered by Reuters.
“The accessibility of the malware on underground forums, the affordability of the software and the huge potential profits to be made from retail POS systems in the United States make this type of financially motivated cyber crime attractive to a wide range of actors.”
Before the Target breach, Neiman Marcus was used to steal card info from about 1.1 million people between July and October, but hackers are targeting more than just major chains. The FBI’s report says that greatest number of attacks investigated actually occurred at small-to-mid sized local and regional businesses.