Michaels Arts and Crafts officials said they have “identified and fully contained” a January incident in which its security systems were infected with malware and transactional data dating back to May 2013 – including approximately 3 million credit card numbers – was stolen.
Following the data breach, the Irving, Texas-based supply store chain – with North Shore locations in Manhasset and Westbury – hired two independent security firms that found Michaels and its subsidiary, Aaron Brothers Art and Framing, were hacked using a malware program that officials said neither agency had previously encountered.
“Our customers are always our No. 1 priority and we are truly sorry for any inconvenience or concern Michaels may have caused,” said Chuck Rubin, chief executive officer of Michaels. “We are committed to assisting affected customers by providing fraud assistance, identity protection and credit-monitoring services. Importantly, with this incident now fully contained, we can assure customers this malware no longer presents a threat to shoppers at Michaels or Aaron Brothers.”
Michaels has five locations in Nassau County, while Aaron Brothers has stores primarily in the western United States and Georgia.
The company’s analysis found that the attack affected point-of-sale systems at Michaels between May 8, 2013 and Jan. 27, 2014 and at Aaron Brothers from June 26, 2013 and Feb. 27, 2014.
The malware yielded 2.6 million credit card numbers from Michaels stores and approximately 400,000 from Aaron Brothers shoppers, though officials said there was no evidence to suggest that customers’ names, addresses or bank account passwords were part of the data breach.
While officials said Michaels has received limited fraud reports from affected customers, the company is offering free identity protection, credit monitoring and fraud assistance services to customers within the United States for up to one year. The corresponding credit card brands affected by the breach have also been notified of the incident.
“In an era where very sophisticated and determined criminals have proven capable of successfully attacking a wide range of computer networks, we must increase our levels of vigilance,” Rubin said. “Michaels is committed to working with all appropriate parties to improve the security of payment card transactions for all customers.”
