Michaels reports a possible credit card data breach

January 28, 2014
min read

A third major retailer has reported another credit card data breach.

As of last Friday, the arts and craft giant has confirmed that it is working with Federal law enforcement and private security analysts to investigate a potential credit card data breach.

This breach could affect Canadians and Americans alike should there be an actual breach as the retailer has over 1,000 stores across North America.

At this point it is unknown whether the breach was from weak online security or old technology. Either way it's likely that the company had not paid close attention to PCI Data Security Standards.

Although Michaels has not confirmed an actual breach yet, security expert Brian Krebs believes that Michaels should be concerned as "four different financial institutions traced hundreds of fraudulent purchases back to cards that had been used at Michaels".

Michaels CEO, Chuck Rubin also wrote: "While we have not confirmed a compromise to our systems, we believe it is in the best interest of our customers to alert them to this potential issue so they can take steps to protect themselves, for example, by reviewing their payment card account statements for unauthorized charges."

With good intentions, they are taking the next step by investigating whether or not a breach before finding out a few months down the road and letting their customers know well after they have been affected.

This wont stop the lawsuits from coming however. On January 27th, an Illinois customer sued the company for breaching their promise to protect customer data. In addition, both Target and Neiman Marcus have been sued by customers since their recent data security disclosures and it's likely the lawsuits will continue.

If you have shopped at Michaels in-store or online, please check your credit card or debit card account statements fro suspicious activity.

If you are a business concerned about your security, consider contacting Kubera for guidance on credit card data security.