The national arts-and-crafts chain Michaels has reported a security breach that affected 3 million payment cards at its stores.
The data was accessed "by criminals using highly sophisticated malware" that two cybersecurity firms investigating the breach for Michaels had not seen before, according to Michaels CEO Chuck Rubin.
The breach occurred between May 8, 2013, and Jan. 27, 2014, and applies to about seven percent of card transactions made, CNN Money reported. The store’s subsidiary Aaron Brothers was hacked, too, with an additional 400,000 cards compromised between June 26, 2013, and Feb. 27, 2014.
While there’s no proof that information like customers’ PINs and names were stolen, some credit and debit card numbers and expiration dates were compromised.
Maryland stores that were hacked include Annapolis, Bel Air, Baltimore, Bowie, California, Columbia, Ellicott City, Frederick, Gaithersburg, Germantown, Glen Burnie, Hagerstown, Hanover, Laurel, Lutherville-Timonium, Ocean City, Owings Mills, Rockville, Salisbury, Silver Spring, Towson, Waldorf and Westminster, according to Michaels. See the list of stores and dates they were affected.
The hacking comes on the heels of similar breaches at Target and Neiman Marcus.
Rubin issued a message to customers that the company has since contained the problem. "We can assure you the malware no longer presents a threat to customers while shopping at Michaels or Aaron Brothers," the CEO said.
Concerned your information was compromised?
- Check your bank statements and alert your financial institution if you find anything suspicious.
- Report fraud to the Federal Trade Commission at 877-438-4338, and consider placing a fraud alert on your accounts.
- Michaels is offering free identity protection and credit monitoring assistance for the next year to those who were affected. Get details on that here.