The popular arts and crafts retailer Michaels is the latest U.S. chain-store to have its consumer’s financial data breached by hackers. In a statement released by Michaels, about 2.6 million customers’ credit and debit cards may be affected by the breach.
Hackers had access to Michaels’ consumer data from May 8th, 2013 through January 27th, 2014. A Michaels’ subsidiary, Aaron Brothers, was also attacked by hackers, adding another 400,000 credit and debit cards to the list.Security companies examining the breach claim the attack was “highly sophisticated.”
The hackers used malware that has never been seen before, the investigators said.“The affected systems contained certain payment card information, such as payment card number and expiration date, about both Michaels and Aaron Brothers customers. There is no evidence that other customer personal information, such as name, address or PIN, was at risk,” said the statement released by Michaels.
This is not the first time sensitive information has been exposed at Michaels. The latest breach is the second attack on Michaels since 2011.
U.S. Lawmakers are not exactly sympathetic towards large businesses having their data breached. A U.S. Senate report in March reprimanded Target for missing numerous chances to stop the unprecedented data breach in 2013. According to the report, Target ignored warning signs about malware in their secure data systems.
Over 40 million customers had their debit and credit card information compromised in the attack. The breach at Target lasted 19 days, from November 27th through December 15th, the peak of holiday shopping. Further investigation revealed that over 70 million consumers were affected, with hackers stealing consumer information such as home address, names, and telephone numbers. Hackers installed malware on Target’s cash register system in order to steal the data.