The biggest home decor and crafts retailer in the US, Michaels Companies Inc, has warned customers that their credit cards could be compromised in a possible data theft that is currently under investigation.
The security breach on the Michaels card payment system has not yet been confirmed. The company initiated the probe when it came to their notice that some of its clients, who had paid for purchases with credit cards, later reported fraudulent activity on their accounts.
"We are concerned there may have been a data security attack on Michaels that may have affected our customers' payment card information," Michaels Chief Executive Chuck Rubin said in a statement emailed on Saturday to news outlets. "We are taking aggressive action to determine the nature and scope of the issue."
The statement also says that the Texas-based company is working closely with federal law enforcement, as well as data security experts, to establish whether the store’s payment system was compromised. The US Secret Service has confirmed it is investigating the matter.
Meanwhile, clients have been recommended to check their payment
card account statements for unauthorized charges.
If confirmed, the data breach at Michaels would be the second since 2011, when about 94,000 payment card numbers were stolen.
This time the possible breach comes at a sensitive time, when the company is preparing for its initial public offering.
"This is devastating for them because this is the second time in a row," said Gartner security analyst, Avivah Litan, cited by Reuters. "The public and the credit card companies are going to slap their wrist twice as hard because they'll say they haven't learned their lesson and that they can't be trusted."
What alleviates the blow somewhat for Michaels is that it’s actually the third major retailer to have recently announced an investigation into data breaches.
Earlier in January, Dallas-based Neiman Marcus, which caters to upper-income bracket shoppers, revealed 1.1 million of its clients credit and debit cards may have been compromised in last year’s spate of data thefts. The breach reportedly occurred through malicious software that collected payment card information from July 16 to October 30.
In December, Target Corp revealed that hackers stole sensitive data from their customers as part of a pre-Christmas data breach, which happened between November 27 and December 15. It was initially believed that 40 million credit and debit cards had been affected. The estimate was later corrected to 110 million.
Law enforcement officials and several cybersecurity experts have warned that still more attacks on retailers could yet be in store.