KARE 11 reports data breach on Michael’s Arts & Crafts

The data breach in the Michaels Arts and Crafts chain includes 23 stores in Minnesota, according to a list released Friday, April 18 by Texas based art supply retailer.

The company, which notified customers of a possible breach in January, has not verified that hackers used a “highly sophisticated malware” software to attack the cash register credit card swiping machines. That type of attack is one of the leading theories explaining the much larger Target Stores data breach from November and December of 2013.

Michaels estimated that 2.6 million payment cards were affected by the security breach, during the eight-month period between May 8, 2013 and Jan. 27, 2014. The cyber criminals were able to get card numbers and expiration dates by raiding the store’s payment card system, but company officials say customers’ names, addresses and PIN numbers were not taken.

“We are truly sorry and deeply regret any inconvenience this may cause,” Chuck Rubin, the CEO of Michael Stores Inc., wrote in an open letter to customers on the company’s home page.

“Our customers are always our number one priority and we are committed to retaining your trust and loyalty.”

Rubin said cyber security technicians removed that malicious software three months ago after the initial red flags were discovered.

The company has notified banks and credit card companies, and has directed customers to a special section of the Michaels web page for more information on the breach, and a FAQ on what steps consumers should take if they believe their cards may have been compromised.

Michaels, which has 1,145 stores nationwide and in Canada, is offering free identity theft protection to anyone who has suffered a financial loss as a result of the breach, but noted those 2.6 million cards represented only seven percent of all the cards used at the chain since the invasion began.

Michaels is advising customers to check their credit card statements carefully, to look for unauthorized and unfamiliar purchases. Consumers are also urged to get a free credit report from one of the one of the following major credit reporting agencies:

The Minnesota Department of Commerce also issued a consumer alert Friday, April 18 laying what customers should do to protect themselves from identity theft in general. That advice also includes checking credit card bills closely, handling receipts carefully and accessing credit bureau reports.

This was a great article.  I do not think these matters are going away, in fact, they are increasing.  Your security does matter, call Mike Zitek @ Zitek Insurance Group and have us evaluate your current coverage.  If you do not have cyber coverage, let us get this placed for you as soon as possible.