U.S. arts and crafts chain reports possible data breach

[News_Editor]

IRVING, TEXAS (BNO NEWS) -- Michaels Stores, the biggest U.S. arts and crafts retailer that maintains more than 1,200 stores across the country, said on Saturday that it is investigating a possible "data security attack" after hundreds of payment cards were reportedly used for fraudulent purchases.

The possible data breach was first reported by security blogger Brian Krebs who cited sources with four different financial institutions. He said hundreds of payment cards had been used for fraudulent purchases at stores such as BestBuy and Target over the past few days, and all were traced back to Michaels as the common point of purchase.

The Texas-based company later confirmed it was investigating the possible data breach. "We are concerned there may have been a data security attack on Michaels that may have affected our customers' payment card information and we are taking aggressive action to determine the nature and scope of the issue," said Michaels CEO Chuck Rubin.

Rubin added: "While we have not confirmed a compromise to our systems, we believe it is in the best interest of our customers to alert them to this potential issue so they can take steps to protect themselves, for example, by reviewing their payment card account statements for unauthorized charges."

In a letter to customers, Rubin detailed that it had recently learned of possible fraudulent activity on some U.S. payment cards that had previously been used at Michaels. "We are working closely with federal law enforcement and are conducting an investigation with the help of third-party data security experts to establish the facts," he added.

The company said it would offer identity protection and credit monitoring services to affected customers at no cost, but could not say whether it was now safe to use a payment card at its store. "The company has taken steps to contain this issue and is continuing to address it aggressively," Michaels added in the letter to customers.

The possible data breach comes just weeks after Target, the country's third largest retailer, disclosed it had been the victim of one of the biggest retailer cyber attacks in history. It said about 40 million credit and debit card records had been stolen, as well as the personal information of up to 70 million customers.

(Copyright 2014 by BNO News B.V. All rights reserved. Info: [email protected].)

[Chicog]

Used at Target? Didn't they breach something like 70 million card users details at POS?

And when are they going to make good the losses?

Added: Actually it was 110 million.

[F430murci]

Pesky Russians. Perhaps Snowden helping here. I dunno. Putin certainly gets a kick out of all this and Russians are able to do this with impunity as there are no consequences in Russia for actions such as this or for violations of copy right right and patent infringement of US copyrights and patents.

Buzz from Moscow streets, which may be taken however you like, is official word of target data breach code was a 17 year old Russian kid, but the code was so dang sophisticated that perhaps someone like Snowden had some input. Timing is about right and Putin may be saying if you wanna eat, start typing . . .