Michael’s Suffers Massive Loss of Credit Card Data in Newest POS Heist

The national art supply chain Michael’s has provided an update to its ongoing investigation into the data security issue it previously reported earlier this week.

The breach, which is said to have affected the credit cards of nearly three million customers, harkens back to the Target breach from last December, which claimed close to 40 times that amount when a piece of malware named “BlackPOS” wreaked havoc on the company during the busiest shopping season.

“In January, the Company learned of possible fraudulent activity on some U.S. payment cards that had been used at Michael’s stores. Since the announcement, the Company retained two independent, expert security firms to conduct an extensive investigation. The Company also has been working closely with law enforcement authorities and coordinating with banks and payment processors to determine the facts.

After weeks of analysis, the company discovered evidence confirming that systems of Michael’s stores in the United States and its subsidiary, Aaron Brothers, were attacked by criminals using highly sophisticated malware that had not been encountered previously by either of the security firms. The company has now identified and fully contained the incident and the malware no longer presents a threat while shopping at Michael’s.”

Michael’s, which also runs the lesser-known high end brand Aaron Brothers, claims none of the data that makes these types of breaches valuable or effective for POS pirates was stolen.

This includes customer names, addresses, phone numbers, security codes, or exposed PINs. This announcement reins in the potential threat a little.

The company is informing anyone who shopped at their store between May 13 of last year and January 27 of 2014 that a small portion of their information had been compromised under highly constrained circumstances.

The three million cards stolen only represent about 7 percent of all payments made at Michael’s and Aaron Brothers during the previously mentioned period of abuse, and both stores have already graciously offered to cover any expenses which may pass onto their customers as a result of the lost credit cards.