Download our in-depth report: The Ultimate Guide to IT Security Vendors
"We recently learned of possible fraudulent activity on some U.S. payment cards that had been used at Michaels, suggesting we may have experienced a data security attack," Michaels CEO Chuck Rubin wrote in the statement. "We are working closely with federal law enforcement and are conducting an investigation with the help of third-party data security experts to establish the facts. Although the investigation is ongoing, based on the information we have received and in light of the widely-reported criminal efforts to penetrate the data systems of U.S. retailers, we believe it is appropriate to notify our customers that a potential issue may have occurred."
All customers are advised to review their credit reports and credit card statements for unauthorized charges, and to call the company at (877) 412-7145 with any questions.
Prior to the company's announcement, Brian Krebs reported that a fraud analyst at a large credit card processor claimed to be seeing fraud on hundreds of cards that had recently been used at Michaels. "What's interesting is there's another [arts and framing] store called Aaron Brothers, and within [the] past week or two there was a lot of activity talking about Aaron Brothers," the fraud analyst told Krebs. "One of the things I learned the other day is that Aaron Brothers is wholly owned by Michael's. It really does look like kind of the way we saw the Target breach spin up, because fraud here isn't limited to one store or one area -- it's been all over the place."