Michaels Stores Inc, the biggest U.S. arts and crafts retailer, on Thursday confirmed that there was a security breach at certain systems that process payment cards at its U.S. stores and that of its unit, Aaron Brothers.
The company said in January that it was working with federal law enforcement officials to investigate a possible data breach.
Michaels Stores said the breach, which took place between May 8, 2013 and January 27, 2014, may have affected about 2.6 million cards, or about 7 percent of payment cards used at its stores during the period.
The company said about 400,000 cards were potentially impacted at its Aaron Brothers unit by the breach, which occurred between June 26, 2013 and February 27, 2014.
There was no evidence that data such as customers' name or personal identification number were at risk, Michaels Stores said in a statement.
This is the second known data breach since 2011 at Michaels Stores.
Michaels Stores, whose major investors are Blackstone Group LP and Bain Capital LP, said cyber security firms it hired found that malware not encountered previously had been used in the latest attack.
The company said it was working with law enforcement authorities, banks and payment processors, and that the malware no longer presents a threat.
Michaels Stores, which resubmitted its IPO documents late last month following a restructuring, is the latest U.S. retailer whose systems have been breached.
Last year, the No.3 U.S. retailer Target Corp suffered a massive security breach that resulted in the theft of some 70 million customer records.
Reuters reported in January that smaller breaches on at least three other well-known U.S. retailers took place and were conducted using similar techniques as the one on Target.
U.S. retailers are planning to form an industry group for collecting and sharing intelligence in a bid to prevent future attacks.
Michaels Stores, which owns several private brands such as Recollections, Artist's Loft and Loops & Threads, competes with Hooby Lobby Stores Inc, Jo-Ann Stores Inc and Wal-Mart Stores Inc.
It went on for eight months? Did Target's last that long? I had it in my mind their breach was more an end of 2013 event.
It was my understanding Target's breach was over a period of a few weeks, to maybe a month. Not 100% positive though, but I swear everything I read said something along those lines.
This is annoying. I'm there all of the time, so I'm sure I used my card during this time period.
I heard what I thought was a great, if marginally PITA, tip the other day during a podcast about preventing identity theft and fraud. It was recommended that you get a replacement credit card with a new number every so often, rather than holding onto the same card number until it expires. It can't prevent ID theft or fraud but it can limit the likelihood that you will be a victim.
This is annoying. I'm there all of the time, so I'm sure I used my card during this time period.
I heard what I thought was a great, if marginally PITA, tip the other day during a podcast about preventing identity theft and fraud. It was recommended that you get a replacement credit card with a new number every so often, rather than holding onto the same card number until it expires. It can't prevent ID theft or fraud but it can limit the likelihood that you will be a victim.