Cyber Incident Victim: Michaels Stores Inc.
Date:
Jan 2014
Location:
United States of America
Summary
Michaels Stores Inc. experienced a potential data security attack impacting customer payment card information, identified through fraudulent activity on cards recently used at its locations. The company initiated an investigation with third-party experts and collaborated with federal law enforcement, acknowledging the breach possibility while urging customers to monitor accounts for unauthorized charges. This incident followed a prior compromise involving physical tampering of point-of-sale devices across multiple stores. The breach's nature aligned with patterns observed in other retail compromises involving malware targeting payment systems, though specific technical details remained unconfirmed.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 3 motives | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
In January 2014, multiple banking institutions detected a pattern of fraudulent activity on payment cards recently used at Michaels Stores Inc., an arts-and-crafts retailer operating over 1,250 U.S. locations. Sources from four financial institutions and a large credit card processor reported hundreds of compromised cards linked to Michaels transactions, with fraudulent purchases occurring at retailers like BestBuy and Target. On January 24, 2014, KrebsOnSecurity contacted Michaels' public relations firm, SPM Communications, and was referred to crisis communications firm ICR Inc. The following day, Michaels issued a public statement acknowledging it had "recently learned of possible fraudulent activity" on U.S. payment cards used at its stores, suggesting a potential data security attack. CEO Chuck Rubin emphasized the company had not confirmed a system compromise but urged customers to review account statements for unauthorized charges. The U.S. Secret Service confirmed an active investigation into the potential breach, while Michaels initiated its own probe with third-party data security experts and federal law enforcement collaboration.
The incident bore similarities to contemporaneous breaches at Target and Neiman Marcus, which involved malware stealing card data from point-of-sale (POS) systems. Fraud patterns suggested a widespread compromise, with affected cards traced to Michaels locations nationwide. Suspicious activity was also noted at Aaron Brothers, a framing retailer wholly owned by Michaels. This marked Michaels' second major security incident, following a 2011 breach where criminals physically tampered with POS devices across stores from Chicago to Washington, D.C. and the West Coast. The 2014 investigation remained ongoing at the time of reporting, with no confirmed details about attack methods or data types compromised. Michaels' disclosure coincided with its preparations for a public stock offering, having filed paperwork the previous month amid 2012 revenues of $4.41 billion. The company declined further comment beyond its initial statement, which framed the alert as precautionary given broader criminal targeting of U.S. retailers.