Home > 2014 > Identity Theft > What to Do If You Were Caught in the Michaels Data Breach

What to Do If You Were Caught in the Michaels Data Breach

Advertiser Disclosure Comments 0 Comments

Approximately 2.7 million consumer credit and debit cards may have been compromised by attacks on the payment systems at Michaels, a giant craft-supply retailer, and Aaron Brothers, its sister company.

Michaels informed customers in January of a potential breach, shortly after the revelation that hackers stole the credit and debit card information of millions of Target customers. Details about the Michaels breach were released April 17 in a statement from the company, which said point-of-sale systems were attacked between May 8, 2013 and Jan. 27, 2014. Card numbers and expiration dates seem to have been the only data stolen — not PINs, customer names or any other identifying information — according to an investigation.

Michaels has more than 1,100 stores in 49 states and Canada, making it the largest specialty craft retailer in North America. The company also operates more than 100 Aaron Brothers stores in nine states, according to its annual report filed with the Securities and Exchange Commission in 2013.

The 2.6 million potentially affected cards represent 7% of purchases made at Michaels during the breach period. (As for Aaron Brothers customers, about 400,000 cards may have been affected between May 8, 2013 and Jan. 27, 2014.) The company has received “limited reports of fraud” stemming from the attacks.

What You Need to Know

Here’s something that may be of comfort to consumers who are likely tired of hearing about data breaches and threats to their financial security: Michaels published a list of all affected stores and the dates during which malware hijacked their payment systems. If you know the stores you visited, you can check the site and compare the dates of attack with your credit card statements.

Watching your bank accounts for fraudulent transactions is a must, whether or not you shopped at Michaels during the breach, because you never know if and when a website or retailer that processed your payment information has been compromised (in case you haven’t noticed, it happens a lot).

If you’re concerned about more than credit card fraud, you can take advantage of the free 12-month credit monitoring and identity theft services Michaels offered to affected customers. Misuse of personal information may not be a concern with this breach, because it seems the hackers got only the card numbers and expiration dates. Identity theft is always a concern, given how much sensitive information we store digitally, so regularly checking your credit reports and scores (and you can get two scores per month with a free Credit.com account) should be a top priority, even if you’re not aware of being a victim of a specific breach.

More on Identity Theft:

Image: Anthony92931 via Wikimedia Commons

Comments on articles and responses to those comments are not provided or commissioned by a bank advertiser. Responses have not been reviewed, approved or otherwise endorsed by a bank advertiser. It is not a bank advertiser's responsibility to ensure all posts and/or questions are answered.

Please note that our comments are moderated, so it may take a little time before you see them on the page. Thanks for your patience.

Certain credit cards and other financial products mentioned in this and other articles on Credit.com News & Advice may also be offered through Credit.com product pages, and Credit.com will be compensated if our users apply for and ultimately sign up for any of these cards or products. However, this relationship does not result in any preferential editorial treatment.