Michaels Says It’s Found Possible Customer-Accounts Breach

Michaels Stores Inc., the world’s largest arts-and-crafts retailer, said some of its customer payment-card data may have been used fraudulently, making it the third U.S. retailer to report such a breach since December.

Michael Fox, a spokesman for Michaels, declined to say when the data-security attack may have occurred, when the company learned of it or how many customer accounts may be affected. He said the matter is being investigated and any new information will be posted on the company’s website.

“While we have not confirmed a compromise to our system, we believe it is in the best interest of our customers to alert them to this potential issue,” said Chief Executive Officer Chuck Rubin in a statement yesterday.

The retailer said it’s working with law enforcement and a third party to determine the scope of the problem. Ed Donovan, a spokesman for the U.S. Secret Service, confirmed that his agency is investigating the breach. He declined to comment further.

Michaels, which sells everything from painting supplies to floral arrangements to yarn, said it’s urging customers to check their account statements for unauthorized charges.

The Irving, Texas-based company operated 1,259 stores on Nov. 2, according to a Dec. 10 regulatory filing.

2011 Breach

Michaels revealed in May 2011 that pin pads within stores from Washington to New Jersey had been tampered with, leading to exposed customer payment over a period of about four months, according to a company statement at the time. About 1 percent of pin pads in its U.S. stores appeared to have been affected and less than 100 customer debit cards were used in fraudulent transactions stemming from the breach, Michaels said at the time.

Last month, Target Corp. said as many as 40 million customer accounts were compromised at its stores during the holiday shopping season. Weeks later, Neiman Marcus Group Ltd. said about 1.1 million credit cards may have been part of a security breach.

Both stores are being investigated by some states’ attorneys general. Customers have filed almost two dozen lawsuits again Target.

U.S. House and Senate lawmakers are stepping up demands for greater scrutiny of data breaches at Target. House lawmakers are planning a hearing for the first week of February, and a Senate subcommittee was to hold a hearing on the data breaches.

Before it's here, it's on the Bloomberg Terminal.