The Canadian stores of Texas-based arts and crafts retailer Michaels Stores Inc. were apparently unaffected by an eight-month security attack that ended in January and collected data on 3 million credit or debit cards, according to the company.
In a statement from CEO Chuck Rubin and a press release, the company said systems in its American stores and that of a U.S. subsidiary called Aaron Brothers “were attacked by criminals using highly sophisticated malware that had not been encountered previously by either of the security firms” hired to investigate the breach.
The statement issued last week said the retailer has now contained the malware and it is no longer a threat.
“The affected systems contained certain payment card information, such as payment card number and expiration date, about both Michaels and Aaron Brothers customers. There is no evidence that other customer personal information, such as name, address or PIN, was at risk in connection with this issue,” Rubin said on a company Web page.
Like the Target department store attack, which ran last fall, the attackers went after Michaels’ point of sale machines. The company figures about seven per cent of the cards used by customers were exposed, 2.6 million at Michaels and 400,000 at Aaron Brothers.
The Michaels breach was discovered in January. There have been “limited reports” so far from payment card companies of fraudulent use of card numbers.
“We are truly sorry and deeply regret any inconvenience this may cause,” Rubin said. Our customers are always our number one priority and we are committed to retaining your trust and loyalty.”
To meet the worries of customers, identity protection and credit monitoring services are being offered to affected Michaels and Aaron Brothers shoppers in the U.S. for 12 months at no cost. The retailer is also offering access to a fraud assistance service for 12 months at no cost which will help them if they are victimized as a result of the breach.
“In an era where very sophisticated and determined criminals have proven capable of successfully attacking a wide range of computer networks, we must all increase our level of vigilance,” Rubin added. Michaels is committed to working with all appropriate parties to improve the security of payment card transactions for all consumers.”
The bot threat
Some of the most serious threats networks face today are "bots," remotely controlled robotic programs that strike in many different ways and deliver destructive payloads, self propagating to infect more and more systems and eventually forming a "botnet."