Michaels Hack Compromises About 3 Million Credit Cards

Michaels is now confirming that an eight-month security breach compromised about 3 million customers' credit and debit card data.
Posted at 1:51 PM, Apr 18, 2014

​Arts and crafts retailer Michaels is now confirming about 3 million credit card numbers were compromised by a hack.

The company warned customers of a possible cyberattack back in January. Turns out, the breach happened over an eight-month period from May 2013 to January of this year. (Via Newsy)

After months of investigation into the issue, the company said it only affected about 7 percent of cards used during that period. The hack took credit and debit card numbers and expiration dates. (Via Wikimedia Commons / Anthony92931)

But Michaels' CEO writes, "There is no evidence that other customer personal information, such as name, address or PIN, was at risk in connection with this issue."

The hack also hit Michaels' partner store, Aaron Brothers, but to a lesser degree. About 400,000 cards were affected between June 2013 and February 2014. 

​The CEO continues: "We are truly sorry and deeply regret any inconvenience this may cause. Our customers are always our number one priority and we are committed to retaining your trust and loyalty." (Via Michaels)

In a move similar to Target's after its big hack last holiday season, Michaels is offering identity protection, credit card monitoring services and fraud protection assistance to affected customers for 12 months — and at no cost. (Via WTNH)

A nice gesture, sure. But Krebs On Security says, “Incidentally, credit monitoring services will do nothing to protect consumers from fraud on existing financial accounts — such as credit and debit cards — and they're not great at stopping new account fraud committed in your name."

Although it looks similar, BGR says it's not clear if this attack is in any way related to the much larger breach on Target's system.

This is the second credit card attack on Michaels' customers in the past few years. In 2011, The Verge reports, the company "had their payment systems tampered to collect data which helped the crooks create counterfeit cards." (Via Wikimedia Commons / Michael Rivera)

You can find a list of affected stores on both Michaels and Aaron Brothers' websites.