Michaels investigating possible data breach

Arts and crafts retailer Michaels may be the latest store to fall victim to a security breach. In a statement released Saturday afternoon, the company said it is investigating a possible cyber attack on its payment card network.

It is unclear how many customers could potentially be affected or when and how the breach could have occurred.

"We are concerned there may have been a data security attack on Michaels that may have affected our customers' payment card information and we are taking aggressive action to determine the nature and scope of the issue," said Michaels CEO Chuck Rubin in a statement posted to the company's website. "While we have not confirmed a compromise to our systems, we believe it is in the best interest of our customers to alert them to this potential issue so they can take steps to protect themselves, for example, by reviewing their payment card account statements for unauthorized charges."

The statement also says that Michaels is working closely with federal law enforcement and data security experts to establish whether the store's payment system was compromised. The US Secret Service has confirmed it is investigating the matter.

The possible breach was uncovered when hundreds of customer cards linked to Michaels store locations had been used for fraudulent purchases in recent weeks. Michaels becomes the third major retailer to have recently announced an investigation into data breaches behind Neiman Marcus and Target (NYSE: TGT).

Last week, the FBI warned retailers to prepare for more cyber attacks after discovering approximately 20 hacking cases in the past year involving the same software used against Target. The Retail Industry Leaders Association, too, has advised merchants that it will be launching the RILA Cybersecurity and Data Privacy Initiative to expand its commitment to cybersecurity and data privacy.

Three years ago, Michaels suffered a data breach after hackers rigged PIN pads to steal about 94,000 card numbers from nearly 80 stores. The scam ran for three months undetected. Police departments eventually uncovered the source of the fraud, and Michaels replaced all 7,200 PIN machines at its 1,200 U.S. stores. The Department of Justice prosecuted two men charged in that case.

For more:
-See this Michaels statement
-See this Reuters article
-See this Retail Industry Leaders Association press release

Related stories:
Data Hacks: FBI Says More Breaches In Store, Neiman Marcus Says 1.1M Cards At Risk
NRF Issues Industry-Wide Directive Regarding Data Security, Calls For Chip and PIN
Neiman Marcus Confirms Credit Card Data Breach
Target Data Breach Gets Worse, 110 Million Shoppers At Risk
Target Now Says 70 Million People Affected by Breach