The Washington Post

Michaels discloses possible customer data breach; Secret Service investigating

Michaels said that has not yet confirmed a breach, but wanted to warn customers in light of other cyber attacks on retailers such as Target and Neiman Marcus. (Reuters, JAN 26No-Data-Available, JAN 26/Reuters)

The Secret Service confirmed Monday that is looking into a cybersecurity attack on Michaels craft stores, the latest in a string of major retailers to announce that attackers may have breached consumer information.

Michaels said Saturday that it has not yet confirmed any compromise to its systems but believed it was best to tell its customers about the issue quickly. Secret Service spokesman Brian Leary confirmed that the agency is looking into the possible breach.

In a statement posted to the Michaels corporate Web site, chief executive Chuck Rubin said the Irving, Tex.,-based firm believes “it is in the best interest of our customers to alert them to this potential issue so they can take steps to protect themselves.”

The craft store chain urged customers to review their payment card statements for unauthorized charges but did not disclose how many customers may have been affected by a possible attack. Nor did it disclose when it believes hackers could have accessed its systems to collect payment information.

Cybersecurity reporter Brian Krebs reported Saturday that “multiple sources” in the banking industry said that they are “tracking a pattern of fraud” on hundreds of cards that customers recently used at the chain. Krebs also said that an unnamed fraud analyst has said that evidence of a Michaels data breach is popping up across the country, rather than from one store or one area.

The report noted that, in 2011, criminals had tampered with the actual in-store devices used to process cards at over 7,000 Michaels stores.

If Michaels’s customer data have been accessed by hackers, the chain would be the third big retailer in the last month to announce such a breach. Neiman Marcus said last week that the personal information of 1.1 million customers may have been taken in a three-month breach of its security systems. Target has estimated that more than 110 million customers have been affected by a cyberattack on its systems that began in December.

Rubin said that Michaels was disclosing a possible breach in light of “criminal efforts to penetrate the data systems of U.S. retailers,” but he offered no details on whether hackers had targeted the chain’s payment systems.

Both the Target and Neiman Marcus breaches were carried out in this way, though no retailer or law enforcement official has indicated whether any of these attacks are related.

Related stories:

Neiman Marcus: 1.1 million in-store customers affected by breach

Easton-Bell Sports reports data breach at its online vendor

Follow The Post’s new tech blog, The Switch, where technology and policy connect.

Hayley Tsukayama covers consumer technology for The Washington Post.
Show Comments
Most Read
DJIA -1.29%
NASDAQ -3.25%
Last Update: 02/06/2016(DJIA&NASDAQ)



Success! Check your inbox for details.

See all newsletters

Close video player
Now Playing

To keep reading, please enter your email address.

You’ll also receive from The Washington Post:
  • A free 6-week digital subscription
  • Our daily newsletter in your inbox

Please enter a valid email address

I have read and agree to the Terms of Service and Privacy Policy.

Please indicate agreement.

Thank you.

Check your inbox. We’ve sent an email explaining how to set up an account and activate your free digital subscription.