Even after arts and crafts merchant Michael’s Stores Inc. announced it was a victim of a data security breach in January, Michaels and its Aaron Brothers subsidiary’s store customer’s credit card data was still at risk, according to a press release issued April 17.
Though Michaels Stores Inc. acknowledged the data security issue on Jan. 25, the company acknowledged that the attack on Michaels happened between May 8, and Jan. 27, and targeted a limited portion of the point-of-sale systems at a varying number of stores.
An analysis conducted by third party security firms and Michaels Stores Inc. shows that approximately 2.6 million cards may have been impacted, which represents about 7% of payment cards used at Michaels stores in the U.S. during the relevant time period. Another 400,000 customers’ cards were potentially affected at Aaron Brothers between June 26 and Feb. 27.
Michaels Stores Inc. said it has now identified and fully contained the incident, and the malware no longer presents a threat while shopping at Michaels or Aaron Brothers.
However, Michaels Stores Inc. can breathe a sigh of relief: It says it has received a limited number of reports from the payment card brands and banks of fraudulent use of payment cards potentially connected to Michaels or Aaron
“In an era where very sophisticated and determined criminals have proven capable of successfully attacking a wide range of computer networks, we must all increase our level of vigilance,” Michaels Inc. CEO Chuck Rubin said in a statement.