U.S. arts and crafts chain reports possible data breach

USPA News - Michaels Stores, the biggest U.S. arts and crafts retailer that maintains more than 1,200 stores across the country, said on Saturday that it is investigating a possible "data security attack" after hundreds of payment cards were reportedly used for fraudulent purchases. The possible data breach was first reported by security blogger Brian Krebs who cited sources with four different financial institutions.

He said hundreds of payment cards had been used for fraudulent purchases at stores such as BestBuy and Target over the past few days, and all were traced back to Michaels as the common point of purchase. The Texas-based company later confirmed it was investigating the possible data breach. "We are concerned there may have been a data security attack on Michaels that may have affected our customers` payment card information and we are taking aggressive action to determine the nature and scope of the issue," said Michaels CEO Chuck Rubin. Rubin added: "While we have not confirmed a compromise to our systems, we believe it is in the best interest of our customers to alert them to this potential issue so they can take steps to protect themselves, for example, by reviewing their payment card account statements for unauthorized charges." In a letter to customers, Rubin detailed that it had recently learned of possible fraudulent activity on some U.S. payment cards that had previously been used at Michaels. "We are working closely with federal law enforcement and are conducting an investigation with the help of third-party data security experts to establish the facts," he added. The company said it would offer identity protection and credit monitoring services to affected customers at no cost, but could not say whether it was now safe to use a payment card at its store. "The company has taken steps to contain this issue and is continuing to address it aggressively," Michaels added in the letter to customers. The possible data breach comes just weeks after Target, the country`s third largest retailer, disclosed it had been the victim of one of the biggest retailer cyber attacks in history. It said about 40 million credit and debit card records had been stolen, as well as the personal information of up to 70 million customers.