3 Million Cards Affected in Michael’s Breach

April 21, 2014

More details of the security breach at arts-and-crafts retailer Michael’s, first reported by Brian Krebs at KrebsonSecurity.com, emerged before the weekend when the company disclosed the payment information of 3 million customers was compromised in the attack. While Krebs reported the intrusion on Jan. 25, the Irving, Texas-based company said it had not commented before this because an investigation by two independent security firms at first could not conclusively confirm a break in.

In the company’s first public statement since January, however, it confirmed its POS systems had been compromised between May 8, 2013 and Jan. 27, 2014 affecting 2.6 million customers at Michael’s and 400,000 more at sister store Aaron Brothers. The company said the evidence showed the company’s systems were hacked using “highly sophisticated malware that had not been encountered previously by either of the security firms.”

In its statement, the retailer said while card numbers and expiration dates were lost to fraudsters, other personal information including names addresses and PINs were not compromised.

To hear directly from Brian Krebs, the man who informed the world about Target, Neiman Marcus, Michael’s and others, be sure to register for the CNP Expo in Orlando, May 19-22. Payment security is under attack and Krebs’ keynote details just how bad it is and what can be done. Register now , because prices to attend the CNP Expo are going up after this Friday.