A few months after Target and Neiman Marcus announced that credit card data had been taken by cyber-criminals, the arts and crafts store franchise Michaels confirmed that millions of credit card numbers may have been lifted from its database.
In a press release, Michaels stated that the breach happened between between May 8, 2013 and January 27, 2014. It added that the cyber criminals that committed this act used "highly sophisticated malware that had not been encountered previously by either of the security firms" the company used to discover the breach.
The end result was that 2.6 million credit card numbers that were used in Michaels stores in the U.S were exposed in the breach, which amounts to about seven percent of the credit cards that were used in those stores. A second breach caused 400,000 more numbers to be taken from Michaels' Aaron Brothers store unit.
Michaels says there is no evidence that personal customer information such as names, addresses or PIN numbers were also taken as part of this stolen data. The company says that the malware that was used for this breach "no longer presents a threat". It added that it is working with law enforcement authorities, along with banks and payment processors, to contain the damage.