Cyber Monday Sale! 50% Off All Access

Crafts Chain Michaels Confirms Nearly 3 Million Credit Cards Compromised in Data Breach A security hole allowed data thieves access to some customer card information but not names, addresses or PINs.

By Benjamin Kabin

Opinions expressed by Entrepreneur contributors are their own.

Arts and crafts chain Michaels Stores confirmed yesterday that the credit and debit card information of nearly 3 million customers may have been compromised in a breach discovered earlier this year.

Michaels said that although information such as card numbers and expiration dates were compromised, other data, such as customers' names, addresses and PINs, were not exposed.

The 2.6 million affected cards were used by shoppers at Michaels between May 8, 2013, and January 27, 2014, or at one of the company's 54 Aaron Brothers stores between June 26, 2013, and February 27, 2014. According to Michaels, that represents 7 percent of all cards used in their stores during that period.

Related: Crafts Store Michaels May Be the Latest Victim of a Data Hack

The company said it had been the victim of an eight-month-long data breach that has since been "full contained." However, Michaels said it had received some reports of fraud from banks and card companies that could be related to the incident.

The data breach was first reported on January 25 when computer security researcher Brian Krebs learned of a pattern of fraud involving cards recently used at Michaels stores.

The company quickly issued a statement and began working to find and fix the breach within two days.

Related: Better Late Than Never? Target Accelerating Program to Detect Credit-Card Fraud.

"In an era where very sophisticated and determined criminals have proven capable of successfully attacking a wide range of computer networks, we must all increase our level of vigilance," Michaels CEO Chuck Rubin said in a statement. "We are committed to assisting affected customers by providing fraud assistance, identity protection and credit monitoring services. Importantly, with this incident now fully contained, we can assure customers this malware no longer presents a threat to shoppers."

This is the second incident of its kind Michaels has had to deal with in the past three years. In 2011, the company said data thieves had tampered with POS devices at stores across the country.

Affected customers are being offered free credit monitoring and ID theft services at no cost for 12 months through AllClearID.

Related: Target CIO Out Following Data Breach

Benjamin Kabin

Journalist

Benjamin Kabin is a Brooklyn-based technology journalist who specializes in security, startups, venture capital and social media.

Want to be an Entrepreneur Leadership Network contributor? Apply now to join.

Business News

'Something Previously Impossible': New AI Makes 3D Worlds Out of a Single Image

The new technology allows viewers to explore two-dimensional images in 3D.

Business News

'Pre-Boarding Scam': Customers Furious at Southwest Airlines After 20 Passengers Ask For Wheelchair Assistance to Board

A viral tweet is slamming the airline's wheelchair policy for boarding and disembarking.

Business News

'I Stand By My Decisions': A CEO Is Going Viral For Firing Almost All of the Company's Employees — Here's Why

The Musicians Club CEO Baldvin Oddsson fired 99 workers at once over Slack for missing a morning meeting. But there's a catch.

Fundraising

They Turned Down an Early Pay Day to Maintain Control of Their Business. And Then Went on to Raise $190 Million.

Jason Yeh, co-founder and General Partner of Patron, explains the early-stage venture firm's creation and future outlook.

Business News

'This Company Has Been My Life': Intel CEO Retires, Reportedly Forced Out

Intel CEO Pat Gelsinger has led the company since February 2021 and said his departure is "bittersweet."