Michaels’, a large arts and crafts retailer in the US, may have been the victim to unknown hackers.
The company has published a warning to customers that it might have experienced a “data security attack”, raising concerns that the retailer is yet another victim in a long line of retailers that suffered a major data breech recently, following Neiman Marcus and Target. It is believed that all of these retailers become casualties to RAM-scraping malware targeting point-of-sale machines (also known as POS or cash registers).
A PDF statement linked from the homepage of the Michaels’ website warns of “possible fraudulent behaviour” seen on credit cards used by customers at the store.
If you shopped at Michaels, keep a close eye on your credit card statements and follow up on any suspected unauthorised transactions. The company says it will offer identity protection and credit monitoring services at no cost to any customer at risk.
It’s bad news for Michaels as well as its customers, as questions will be asked as to whether the company learnt any lessons after suffering a damaging attack at its cash registers a couple of years ago. Back in 2011, the retailer replaced thousands of PIN pads used by customers to type in their secret codes when making purchases, after it was discovered hackers had replaced them at a small number of stores. That security breach resulted in the theft of about 94,000 payment card details.
Michaels said federal investigators and an outside forensics firm were investigating to determine if there had been a breach. The company said it decided to warn the public and launch a probe into the matter after hearing that there had been an increase in fraud involving cards of customers who had shopped at its stores. Currently there are no figures for how many cards may have been put at risk by the latest security incident, but it would seem prudent for all Michaels customers to be on their guard.
For more details of the possible data breach at Michaels, check out this post by Brian Krebs.