Crafts retailer Michaels is the latest company to suffer a credit card breach, warning customers that it is investigating the potential theft of payment details. The retailer, which operates around 1,250 stores in the US, has not disclosed how many customers it believes have been affected, nor whether the breach was in physical locations, online, or both; it is now working with federal law enforcement and data security experts to ascertain the extent of the damage, Michaels confirmed in a statement provided to researcher Brian Krebs.
Michaels describes the issue as “a data security attack” though isn’t clear at this stage what information has been taken. The decision to notify customers is one of an abundance of caution, the retailer points out, so that they can monitor their accounts for any signs of unauthorized use.
According to Krebs, however, sources in the banking industry have already begun seeing evidence of fraud that they believe is linked to card details having been acquired through the Michaels hack. “Hundreds of cards” have been used in the latter half of last week, one unnamed fraud analyst at a credit card processor says, generally at chain stores like Target and Best Buy.
The chatter came on the tail end of talk of a similar breach through cards traced back to Aaron Brothers, which is owned by Michaels.
While the technical details behind the breach are unknown, it’s not the first time the retailer has been targeted. That has included compromised payment hardware in-store, which happened back in 2011.
The news comes on the heels of a breach at retailer Target, which potentially saw as many as 1.1m customers’ credit cards taken.