Approximately 2.7 million consumer credit and debit cards may have been compromised by attacks on the payment systems at Michaels, a giant craft-supply retailer, and Aaron Brothers, its sister company.
Michaels informed customers in January of a potential breach, shortly after the revelation that hackers stole the credit and debit card information of millions of Target customers. Details about the Michaels breach were released April 17 in a statement from the company, which said point-of-sale systems were attacked between May 8, 2013 and Jan. 27, 2014. Card numbers and expiration dates seem to have been the only data stolen — not PINs, customer names or any other identifying information — according to an investigation.
Michaels has more than 1,100 stores in 49 states and Canada, making it the largest specialty craft retailer in North America. The company also operates more than 100 Aaron Brothers stores in nine states, according to its annual report filed with the Securities and Exchange Commission in 2013.
The 2.6 million potentially affected cards represent 7% of purchases made at Michaels during the breach period. (As for Aaron Brothers customers, about 400,000 cards may have been affected between May 8, 2013 and Jan. 27, 2014.) The company has received “limited reports of fraud” stemming from the attacks.
What You Need to Know
Here’s something that may be of comfort to consumers who are likely tired of hearing about data breaches and threats to their financial security: Michaels published a list of all affected stores and the dates during which malware hijacked their payment systems. If you know the stores you visited, you can check the site and compare the dates of attack with your credit card statements.
Watching your bank accounts for fraudulent transactions is a must, whether or not you shopped at Michaels during the breach, because you never know if and when a website or retailer that processed your payment information has been compromised (in case you haven’t noticed, it happens a lot).
If you’re concerned about more than credit card fraud, you can take advantage of the free 12-month credit monitoring and identity theft services Michaels offered to affected customers. Misuse of personal information may not be a concern with this breach, because it seems the hackers got only the card numbers and expiration dates. Identity theft is always a concern, given how much sensitive information we store digitally, so regularly checking your credit reports and scores (and you can get two scores per month with a free Credit.com account) should be a top priority, even if you’re not aware of being a victim of a specific breach.
More on Identity Theft:
- Identity Theft: What You Need to Know
- How Do I Dispute an Error on My Credit Report?
- How Can You Tell If Your Identity Has Been Stolen?
Image: Anthony92931 via Wikimedia Commons