Crafts-Store Chain Says It May Have Been Victim of Attack

By Andrew Dowell, Wall Street Journal

Michaels Stores Inc. said it may have been the victim of an attack on its data security, making it the third major chain in a rash of assaults aimed at U.S. retailers.

In a statement on its website, the arts-and-crafts retailer said it had recently learned of possible fraudulent activity involving credit or debit cards that had been used at Michaels. The company said it hasn’t determined that a breach occurred, but said it is working with federal law-enforcement authorities and computer-security experts to determine what happened.

The disclosure echoed recent acknowledgments by Target Corp. and Neiman Marcus Group that they had suffered data breaches that compromised customers’ card information. Target said 40 million debit and credit card accounts had been affected, and Neiman said last week that 1.1 million accounts had potentially been exposed. In those cases, software was slipped into the retailers’ systems to quietly scrape card data.

Michaels, like those two retailers, made its comments following inquiries from security researcher and blogger Brian Krebs. In the statement, Michaels Chief Executive Chuck Rubin said the retailer was disclosing the issue to alert customers so they could take steps to protect themselves.

Read more at the Wall Street Journal