Michaels warns customers: ‘We may have experienced a data security attack’ (again)

Graham Cluley
Graham Cluley
@[email protected]

MichaelsMichaels, the biggest arts and crafts retailer in the United States, may be the latest big name to have fallen foul of hackers.

The company has published a warning to customers that it might have experienced a “data security attack”, raising concerns in the security industry that Michaels may have joined Neiman Marcus and Target in the list of retailers who have become casualties to RAM-scraping malware targeting point-of-sale computers (also known as POS or cash registers).

A PDF statement linked from the homepage of the Michaels’ website warns of “possible fraudulent behaviour” seen on credit cards used by customers at the store.

Michaels informs customers of possible data breach

If you have shopped at Michaels, keep a close eye on your payment card statements in case there are any unauthorised transactions. The company says it will offer offer identity protection and credit monitoring services at no cost to those at risk.

It’s bad news for Michaels as well as its customers, as questions will be asked as to whether the company learnt any lessons after suffering a damaging attack at its cash registers a couple of years ago.

Sign up to our free newsletter.
Security news, advice, and tips.

Back in 2011, the retailer replaced thousands of PIN pads used by customers to type in their secret codes when making purchases, after it was discovered hackers had replaced them at a small number of stores.

That security breach resulted in the theft of about 94,000 payment card details.

Presently there are no figures for how many cards may have been put at risk by the latest security incident, but it would seem prudent for all Michaels customers to be on their guard.

For more details of the possible data breach at Michaels, check out this post by Brian Krebs.

Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.