X

Arts and crafts chain Michaels says credit card data may've been nicked

The company mentions recent attacks on retailers -- think Target and Neiman Marcus -- and says it "may have experienced a data security attack." An investigation is in progress.

Edward Moyer Senior Editor
Edward Moyer is a senior editor at CNET and a many-year veteran of the writing and editing world. He enjoys taking sentences apart and putting them back together. He also likes making them from scratch. ¶ For nearly a quarter of a century, he's edited and written stories about various aspects of the technology world, from the US National Security Agency's controversial spying techniques to historic NASA space missions to 3D-printed works of fine art. Before that, he wrote about movies, musicians, artists and subcultures.
Credentials
  • Ed was a member of the CNET crew that won a National Magazine Award from the American Society of Magazine Editors for general excellence online. He's also edited pieces that've nabbed prizes from the Society of Professional Journalists and others.
See full bio
Edward Moyer
2 min read

If you plopped down the plastic at arts and crafts store Michaels recently, you might want to check your statement.

The company said Saturday that it was investigating a potential payment-card security breach, a la those that affected Target and Neiman Marcus.

"Although the investigation is ongoing, based on the information we have received and in light of the widely reported criminal efforts to penetrate the data systems of US retailers, we believe it is appropriate to notify our customers that a potential issue may have occurred," the company said in a post on its Web site Saturday.

Michaels didn't say how many accounts might be affected. It runs more than 1,000 stores in the US and Canada.

Here's the company's full statement:

Letter from the CEO

January 25, 2014

To Our Valued Michaels Customers:

As you may have read in the news, data security attacks against retailers have become a major topic of concern. We recently learned of possible fraudulent activity on some US payment cards that had been used at Michaels, suggesting we may have experienced a data security attack.

We are working closely with federal law enforcement and are conducting an investigation with the help of third-party data security experts to establish the facts. Although the investigation is ongoing, based on the information we have received and in light of the widely reported criminal efforts to penetrate the data systems of US retailers, we believe it is appropriate to notify our customers that a potential issue may have occurred.

Throughout our 40-year history, our customers have always been our number one priority and we deeply regret any inconvenience this may cause. The privacy and security of our customers' information is of critical importance to us and we are focused on addressing this issue.

We recommend that you remain vigilant by reviewing your account statements for unauthorized charges. If you believe your payment card may have been affected, you should immediately contact your bank or card issuer. If we find as part of our investigation that any of our customers were affected, we will offer identity protection and credit monitoring services to them at no cost.

We will provide updates on our Web site (www.michaels.com) as our investigation continues. In the meantime, if you have any questions, please call us toll-free at 1-877-412-7145. Representatives will be available to answer questions beginning Sunday January 26, 2014, with operating hours Monday through Saturday from 8:00 a.m. CST to 11:00 p.m. CST and Sunday from 8:00 a.m. CST to 8:00 p.m. CST.

We apologize and truly regret any concern this may cause you.

Sincerely,

Chuck Rubin
CEO, Michaels Stores