Michaels warns customers: ‘We may have experienced a data security attack’ (again)

Graham Cluley

Michaels Michaels, the biggest arts and crafts retailer in the United States, may be the latest big name to have fallen foul of hackers.

The company has published a warning to customers that it might have experienced a “data security attack”, raising concerns in the security industry that Michaels may have joined Neiman Marcus and Target in the list of retailers who have become casualties to RAM-scraping malware targeting point-of-sale computers (also known as POS or cash registers).

A PDF statement linked from the homepage of the Michaels’ website warns of “possible fraudulent behaviour” seen on credit cards used by customers at the store.

Michaels informs customers of possible data breach

If you have shopped at Michaels, keep a close eye on your payment card statements in case there are any unauthorised transactions. The company says it will offer offer identity protection and credit monitoring services at no cost to those at risk.

It’s bad news for Michaels as well as its customers, as questions will be asked as to whether the company learnt any lessons after suffering a damaging attack at its cash registers a couple of years ago.

Back in 2011, the retailer replaced thousands of PIN pads used by customers to type in their secret codes when making purchases, after it was discovered hackers had replaced them at a small number of stores.

That security breach resulted in the theft of about 94,000 payment card details.

Presently there are no figures for how many cards may have been put at risk by the latest security incident, but it would seem prudent for all Michaels customers to be on their guard.

For more details of the possible data breach at Michaels, check out this post by Brian Krebs.

Graham Cluley Graham Cluley is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s when he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows. Now an independent security analyst, he regularly makes media appearances and is an international public speaker on the topic of computer security, hackers, and online privacy. Follow him on Twitter at @gcluley, or drop him an email.