The company has published a warning to customers that it might have experienced a “data security attack”, raising concerns in the security industry that Michaels may have joined Neiman Marcus and Target in the list of retailers who have become casualties to RAM-scraping malware targeting point-of-sale computers (also known as POS or cash registers).
A PDF statement linked from the homepage of the Michaels’ website warns of “possible fraudulent behaviour” seen on credit cards used by customers at the store.
If you have shopped at Michaels, keep a close eye on your payment card statements in case there are any unauthorised transactions. The company says it will offer offer identity protection and credit monitoring services at no cost to those at risk.
It’s bad news for Michaels as well as its customers, as questions will be asked as to whether the company learnt any lessons after suffering a damaging attack at its cash registers a couple of years ago.
Back in 2011, the retailer replaced thousands of PIN pads used by customers to type in their secret codes when making purchases, after it was discovered hackers had replaced them at a small number of stores.
That security breach resulted in the theft of about 94,000 payment card details.
Presently there are no figures for how many cards may have been put at risk by the latest security incident, but it would seem prudent for all Michaels customers to be on their guard.
For more details of the possible data breach at Michaels, check out this post by Brian Krebs.
Found this article interesting? Follow Graham Cluley on Twitter to read more of the exclusive content we post.