Michaels reveals breach details; 2.6 million cards affected

Irving, Texas -- Three months after the country’s largest arts and crafts chain revealed that its namesake and subsidiary stores had been hacked in what promised to be a major payment card security breach, Michaels Stores revealed late Thursday that 2.6 million cards were likely affected in the attack.



The data breach, which occurred between May 8, 2013 and Jan. 27, 2014, affected about 7% of all debit credit cards used at its namesake stores, said Michaels; its subsidiary Aaron Bros. had about 400,000 cards potentially affected across 54 of its stores.



The retailer was quick to point out that the security breach has been contained. It said that it has received “limited” reports of fraudulent payment card use, and that it is providing free fraud assistance, identity protection and credit-monitoring services to impacted customers.



The compromised data includes customer information such as payment card numbers and expiration dates. According to Michaels, there is no evidence that other personal information such as names, addresses or PIN numbers have been tapped.



"Our customers are always number one priority and we are truly sorry for any inconvenience or concern Michaels may have caused," said Chuck Rubin, CEO of Michaels, in a statement.