Michaels Arts & Crafts Confirms Data Breach


michaels-featuredNorth American retailer Michaels Arts & Crafts has just confirmed a data breach affecting 2.6 million credit cards swiped at nearly 1000 of their retail locations between May 8, 2013 and January 27, 2014. This confirmation comes after reports of an initial investigation into the breach that began nearly 4 months ago, and also extends to 400,000 credit cards swiped at 53 Aaron Brothers retail locations (a Michaels subsidiary) between June 26, 2013 and February 27, 2014.

What you should know

Michaels first announced that they were investigating a potential data breach back in January 2014, in a letter to customers from CEO Chuck Rubin. This letter did not reveal any details regarding the extent of the breach but did urge customers to keep a close watch on their credit cards.

This week’s confirmation has revealed the full nature of the breach:

What you should do

If you shopped at an affected Michaels or Aaron Brothers location between the dates that the breach occurred, the best thing you can do is cancel your credit card and get a new one – assuming you haven’t already done so.

Public confirmations of data breaches do help spread awareness to victims, but they also cause black market cybercriminals to sell stolen card numbers for lower rates. That means if your card number was compromised by the Michaels data breach, and you haven’t yet changed it, it is now at a higher risk of being frauded. Stolen credentials are no good to criminals if they are rendered void, and in the wake of this announcement instances of fraud are likely to surge because anyone with a stolen card number will want to “cash in” before that card is cancelled.

As yet, Michaels has not publicly disclosed specific information about the malware that was used in this attack, but if the last few months’ series of events is any indication, a POS RAM scraper is likely the culprit. More on this trend towards POS malware can be found here: Emsisoft Security Knowledgebase: What’s with all the Point of Sale Data Breaches?

 

Emsisoft Endpoint Protection: Award-Winning Security Made Simple

Experience effortless next-gen technology. Start Free Trial

Have a nice (malware-free) day.

Senan Conrad

Senan Conrad

Senan specializes in giving readers insight into the constantly and rapidly changing world of cybersecurity. When he’s not tapping away at his keyboard, he enjoys drinking a good coffee or tinkering in his workshop.

What to read next