The Secret Service confirmed Monday that is looking into a cybersecurity attack on Michaels craft stores, the latest in a string of major retailers to announce that attackers may have breached consumer information.
Michaels said Saturday that it has not yet confirmed any compromise to its systems but believed it was best to tell its customers about the issue quickly. Secret Service spokesman Brian Leary confirmed that the agency is looking into the possible breach.
In a statement posted to the Michaels corporate Web site, chief executive Chuck Rubin said the Irving, Tex.,-based firm believes “it is in the best interest of our customers to alert them to this potential issue so they can take steps to protect themselves.”
The craft store chain urged customers to review their payment card statements for unauthorized charges but did not disclose how many customers may have been affected by a possible attack. Nor did it disclose when it believes hackers could have accessed its systems to collect payment information.
Cybersecurity reporter Brian Krebs reported Saturday that “multiple sources” in the banking industry said that they are “tracking a pattern of fraud” on hundreds of cards that customers recently used at the chain. Krebs also said that an unnamed fraud analyst has said that evidence of a Michaels data breach is popping up across the country, rather than from one store or one area.
The report noted that, in 2011, criminals had tampered with the actual in-store devices used to process cards at over 7,000 Michaels stores.
If Michaels’s customer data have been accessed by hackers, the chain would be the third big retailer in the last month to announce such a breach. Neiman Marcus said last week that the personal information of 1.1 million customers may have been taken in a three-month breach of its security systems. Target has estimated that more than 110 million customers have been affected by a cyberattack on its systems that began in December.
Rubin said that Michaels was disclosing a possible breach in light of “criminal efforts to penetrate the data systems of U.S. retailers,” but he offered no details on whether hackers had targeted the chain’s payment systems.
Both the Target and Neiman Marcus breaches were carried out in this way, though no retailer or law enforcement official has indicated whether any of these attacks are related.