US retailer Michaels Stores confirms card data breach

After Target and Neiman Marcus, also US retailer Michaels Stores confirms card data breach occurred early this year, the second one in the company hystory.

Early this year was spread the news that Michaels Stores Inc, the biggest U.S. arts and crafts retailer, was the victim of a severe data breach.

Michaels Stores Inc. retailer was the last victim of a series of massive data breach, a few weeks after the hack of US retailers Target and Neiman Marcus. Michaels Stores Inc has more than 1,250 stores across the United States, in January Fraud experts have detected a pattern of illicit activities on a set of cards all recently used at the store of the company.

This week the Michaels Stores Inc. confirmed the presence of a flaw at certain payment systems at its U.S. stores and that of its unit, Aaron Brothers, as reported by the Reuters news agency.

According first revelations made by Michaels Stores representatives the data breach occurred between May 8, 2013 and January 27, 2014. Its impact is considerable severe, it has been estimated that data about 2.6 million cards was stolen, about 7 percent of payment cards used by its customers at the US stores.

Michaels Stores Inc. also confirmed the potential exposure of data related to 400,000 cards at its Aaron Brothers unit in the period between June 26, 2013 and February 27, 2014.

“There was no evidence that data such as customers’ name or personal identification number were at risk, Michaels Stores said in a statement.”

The systems at Michaels Stores were infected with malware designed to steal payment information, thanks the support of a cyber security firm the malicious code was identified and removed from the machines.

The US retailers are planning to form an industry group to share information on incidents and establish a surveillance center for fraud prevention. The number of cyber threats targeting retailers are even more complex and difficult to identify, security firms are suggesting a layered approach to promptly identify patterns related to ongoing cyber attacks.

Pierluigi Paganini

(Security Affairs –  Michaels Stores, data breach)