Credit card thieves are an insatiable bunch.
According to KrebsOnSecurity, at least four financial institutions have spotted a series of fraudulent charges on cards used at the arts and crafts retail chain, which has more than 1,100 stores across the U.S. and Canada. The U.S. Secret Service has since confirmed that it’s investigating a potential data breach at Michaels.
“We are concerned there may have been a data security attack on Michaels that may have affected our customers’ payment card information and we are taking aggressive action to determine the nature and scope of the issue,” said Michaels CEO Chuck Rubin in a statement. “While we have not confirmed a compromise to our systems, we believe it is in the best interest of our customers to alert them to this potential issue so they can take steps to protect themselves, for example, by reviewing their payment card account statements for unauthorized charges.”
A fraud analyst for a large credit card processor told KrebsOnSecurity that hundreds of customer cards linked to Michaels Stores had been used for fraudulent purchases over the last two days. Many of those purchases took place at retailers like BestBuy and Target.
This wouldn’t be the first time that Michaels has experienced security issues. In 2011, investigators discovered at least 70 compromised point-of-sale terminals in Michaels stores across the country. Those modified or replaced machines enabled crooks to siphon customer payment card data and PINs.
A recent report suggests at least three retailers other than Target and Neiman Marcus experienced data breaches this holiday season. It appears highly likely that Michaels was one of the retailers targeted by hackers, though it’s unclear how Michaels’ security systems may have been compromised.
Multiple calls to Michaels representatives went unanswered, so we reached out via email to request more information. We’ll be sure to keep you updated as soon as we learn more.