Michael’s Stores Confirm Payment Card Data Breach

Michael’s, the nationwide arts and crafts store, recently confirmed Thursday, that there was a security breach at certain systems that process card payments at its U.S. stores, and that of its unit, Aaron Brothers.

The letter was sent out to customers about the security breach. The letter said Michael’s said the breach took place between May 8, 2013 to January 27, 2014, and may have affected about 2.6 million cards, or about 7% of payment cards used at Michael’s during this time period. The letter also included that 400,000 payment cards used at Aaron Brothers unit were also impacted during the breach, which occurred between June 26, 2013 to February 27, 2014. No evidence that data, such as customers’ names or personal identification numbers were at risks.

In another report by ABC, Michael’s said it has contained the incident, which began last year. It has received limited reports of fraud from banks and the payment card brands that are potentially breached, thus why the statement was sent out on Thursday.

Pertaining to the beach, Chuck Rubin, the CEO of Michael’s, had this to say in a statement.

“We [Michael’s] are truly sorry and deeply regret any inconvenience this may cause. Our customers are always our number one priority and we are committed to retaining your trust and loyalty.”

“While we [Michael’s] have received limited reports of fraud, we are offering identity protection and credit monitoring services to affected Michael’s and Aaron Brothers customers in the U.S. for 12 months at no cost to them. We also are offering these customers a fraud assistance service for 12 months at no cost to them. This service provides customers with a trained representative to assist them in the event they experience a fraud-related issue resulting from this incident.”

This may be a noble attempt by Michael’s to protect their customers but unfortunately for them, this isn’t the first time their payment card data was compromised. Back in 2011, three Michael’s store in Las Vegas, Nevada were the victims of pin number theft, as reported here on The Inquisitr. According to that report, Michael’s identified that fewer than 90 pin pads showed signs of tampering. The discovery led to Micheal’s removing about 7,200 pin pads similar to those tampered in stores nationwide.

To view the letter from Michael’s CEO, Chuck Rubin, you may check it out on the official Michael’s website. Michael’s also provides links to financial services, as explained above, to customers who have been affected by the breach on their Payment Card Notice page.