Posted January 30, 2014 by Chris Warren in News

Potential Security Breach at Michaels Stores

As if fierce competition to capture the loyalty and dollars of America’s consumers wasn’t enough of a challenge, it now seems that big retailers also face an ongoing threat from cyber criminals. On January 25th, Michaels Stores, Inc., the Irving, Texas-based arts and crafts chain announced that it was investigating the possibility that it had experienced a data security attack.

In a statement, the company said that it was working with federal law enforcement officials and third-party data security professionals to determine whether an attack had occurred and, if it had, to what extent customer payment information was compromised. “We are concerned there may have been a data security attack on Michaels that may have affected our customers’ payment card information and we are taking aggressive action to determine the nature and scope of the issue,” said Chuck Rubin, CEO of Michaels. “While we have not confirmed a compromise to our systems, we believe it is in the best interest of our customers to alert them to this potential issue so they can take steps to protect themselves, for example, by reviewing their payment card account statements for unauthorized charges.”

While not speculating on the possible extent of the data theft, Michaels said it would provide updates on its website as investigations continue. If a cyber attack on Michaels is confirmed, it will be just the latest in a string of high profile data thefts directed at national retailers. Late last year, Target had a security breach and revealed that the names, mailing addresses, phone numbers and email addresses of as many as 110 million of its customers had been obtained by criminals during the height of the holiday shopping season.

Earlier this year Neiman Marcus also confirmed that as many as one million of its customers may have had their card payment information stolen. According to an article in The New York Times, the attacks on both Neiman Marcus and Target involved the installation of malware on the companies’ computer systems, which then fed card information to servers controlled by the criminals.  The Times also reported that the attacks on Target, Neiman Marcus and, if it is confirmed, Michaels, are believed to be the work of the same group of Eastern European criminals. The paper reported that the attacks might be part of a larger effort that could involve as many as six other retail companies.

Chris Warren