The craft store said Thursday that nearly 2.6 million customers’ information had been stolen from its point-of-sale system. The company said security firms had found that criminals broke into Michaels’s system using “highly sophisticated malware that had not been encountered previously by either of the security firms.”
The Reston store, one of eight in Northern Virginia affected, was breached from May 8, 2013 – July 29, 2013, Michaels said.
The stolen information at both stores includes credit and debit card numbers and expiration dates. Customer names, Personal Identification Numbers (PINs) and addresses were not affected, the company said.
Michaels said it would offer customers free credit monitoring services for one year.
“We previously informed our customers and relevant regulators that we might have experienced a data security issue,” the company said in a statement. “Since the announcement, we retained two independent, expert security firms to conduct an extensive investigation. We also have been working closely with law enforcement authorities and coordinating with banks and payment processors to determine the facts. As soon as available, we provided data about potentially affected payment cards to the relevant card brands so they could take appropriate action.”
The store chain says the problem has been fixed and it is now safe to use credit and debit cards at the store.
They are advising customers to contact their bank or credit card company if they think they might be at risk. Customers can also call Michaels at 1-877-412-7145.