On Saturday, security journalist Brian Krebs reported on what looks to be yet another security breach at a big-name national retailer. This time, the craft store Michaels is in the crosshairs. It seems that after being used at Michaels-owned locations, fraudulent purchases were made on at least “hundreds” of customer cards.
While Michaels has not yet confirmed a data breach, it published a press release (PDF) on Saturday saying “The Company is working closely with federal law enforcement and is conducting an investigation with the help of third-party data security experts to establish the facts. Although the investigation is ongoing, based on the information the Company has received and in light of the widely-reported criminal efforts to penetrate the data systems of U.S. retailers, Michaels believes it is appropriate to let its customers know a potential issue may have occurred.” The US Secret Service has confirmed that it is investigating the matter.
The news of a potential hack follows similar reports starting late November that Target suffered a data breach that lost the credit card numbers of over 40 million customers and the personal information of over 70 million customers. Earlier this month, luxury retailer Nieman Marcus also admitted that malware on its systems had exposed 1.1 million payment cards to hackers.