400,000 cards used at Michaels subsidiary Aaron Brothers could have also been compromised

Apr 18, 2014 06:54 GMT

In January, we learned that arts and crafts retail chain Michaels Stores might have suffered a data breach. Now, after weeks of investigation, the company has confirmed that cybercriminals breached not only its systems, but also those of its subsidiary, Aaron Brothers.

Michaels hired two independent security firms to conduct an analysis. They found that the cybercriminals had used a piece of sophisticated malware to carry out the attack. Neither firm had seen the malware in question before this incident.

The point-of-sale (POS) systems targeted by the malware stored information such as numbers and expiration dates for payment cards used at Michaels and Aaron Brothers stores. However, there’s no indication that other data, such as names, addresses or PINs, have been accessed by the hackers.

The cybercriminals had access to Michaels systems between May 8, 2013 and January 27, 2014. The company has determined that 7% of the cards used at Michaels stores during this period have been impacted – approximately 2.6 million cards.

As far as Aaron Brothers is concerned, the attackers had access to POS systems between June 26, 2013 and February 27, 2014. Around 400,000 cards used at a total of 54 stores have been affected. Customers who want to find out if they’ve shopped at the impacted stores can check out the list published by Michaels.

Michaels is now confident that its systems have been cleaned up. The company says that it’s committed to working on improving payment card transaction security.

In the meantime, the retailer has received some fraud reports concerning credit and debit cards that might have been stolen in the cyberattack. As a result, impacted customers are being offered 12 months of free identity protection, credit monitoring and fraud assistance services.

“Our customers are always our number one priority and we are truly sorry for any inconvenience or concern Michaels may have caused,” noted Chuck Rubin, the company’s CEO.

“We are committed to assisting affected customers by providing fraud assistance, identity protection and credit monitoring services. Importantly, with this incident now fully contained, we can assure customers this malware no longer presents a threat to shoppers at Michaels or Aaron Brothers,” he added.

“In an era where very sophisticated and determined criminals have proven capable of successfully attacking a wide range of computer networks, we must all increase our level of vigilance. Michaels is committed to working with all appropriate parties to improve the security of payment card transactions for all consumers.”