Posts Tagged: Michaels Stores

Dec 15

Skimmers Found at Some Calif., Colo. Safeways

Sources at multiple financial institutions say they are tracking a pattern of fraud indicating that thieves have somehow compromised the credit card terminals at checkout lanes within multiple Safeway stores in California and Colorado. Safeway confirmed it is investigating skimming incidents at several stores.


Banking sources say they’ve been trying to figure out why so many customers in the Denver and Englewood areas of Colorado were seeing their debit cards drained of cash at ATMs after shopping at Safeways there. The sources compared notes and found that all of the affected customers had purchased goods from one of several specific lanes in different compromised stores (the transaction data includes a “terminal ID” which can be useful in determining which checkout lanes were compromised.

Safeway spokesperson Brian Dowling said the fraud was limited to a handful of stores, and that the company has processes and procedures in place to protect customers from fraudulent activity.

“We have an excellent track record in this area,” Dowling said. “In fact, we inspect our store’s pin pads regularly and from time to time find a skimmer, but findings have been limited and small in scale. We immediately contact law enforcement and take steps to minimize customer impact.” Continue reading →

Jan 14

Sources: Card Breach at Michaels Stores

Multiple sources in the banking industry say they are tracking a pattern of fraud on cards that were all recently used at Michaels Stores Inc., an Irving, Texas-based arts-and-crafts retailer that maintains more than 1,250 stores across the United States.

michaelsOn Friday morning, I put a call in to SPM Communications, the public relations company listed as the press contact on After explaining why I was calling, I was referred to a Michael Fox of ICR Inc. When asked what line of business ICR was in, the SPM representative replied that it was a crisis communications firm. Mr. Fox replied via email that he would inquire with Michaels, but so far the company has declined to comment.

Update 1:34 p.m. ET: The U.S. Secret Service confirmed that it is investigating a potential data breach at Michaels. Also, Michaels has just issued a statement stating that it “recently learned of possible fraudulent activity on some U.S. payment cards that had been used at Michaels, suggesting that the Company may have experienced a data security attack.”

The statement continues:

“The Company is working closely with federal law enforcement and is conducting an investigation with the help of third-party data security experts to establish the facts. Although the investigation is ongoing, based on the information the Company has received and in light of the widely-reported criminal efforts to penetrate the data systems of U.S. retailers, Michaels believes it is appropriate to let its customers know a potential issue may have occurred.”

“We are concerned there may have been a data security attack on Michaels that may have affected our customers’ payment card information and we are taking aggressive action to determine the nature and scope of the issue,” said Chuck Rubin, CEO. “While we have not confirmed a compromise to our systems, we believe it is in the best interest of our customers to alert them to this potential issue so they can take steps to protect themselves, for example, by reviewing their payment card account statements for unauthorized charges.”

Their full statement is here (PDF).

Original story:

Sources with four different financial institutions have over the past few days said hundreds of customer cards that recently had been used for fraudulent purchases all traced back to Michaels stores as the common point of purchase.

On Friday, KrebsOnSecurity heard from a fraud analyst at a large credit card processor that was seeing fraud on hundreds of cards over the previous two days that all been recently used at Michaels. The fraudulent purchases on those cards, the source said, took place at the usual big box stores like BestBuy and Target.

“What’s interesting is there’s another [arts and framing] store called Aaron Brothers, and within past week or two there was a lot of activity talking about Aaron Brothers,” said the source, who asked to remain anonymous because he was not authorized to speak to the media. “One of the things I learned the other day is that Aaron Brothers is wholly owned by Michael’s. It really does look like kind of the way we saw the Target breach spin up, because the fraud here isn’t limited to one store or one area, it’s been all over the place.”

Assuming my sources are correct and Michaels did have some kind of breach involving payment cards, this would not be the first time. In May 2011, Michaels disclosed that crooks had physically tampered with some point-of-sale devices at store registers in some Chicago locations, although further investigation revealed compromised POS devices in stores across the country, from Washington, D.C. to the West Coast.

It remains unclear what type of compromise may have prompted several banks to identity Michaels as the breached entity. But recent breaches at Target and Neiman Marcus both involved highly sophisticated malicious software that stole credit and debit card information from point-0f-sale registers at those stores. Target has said the breach may have affected more than 40 million customer credit and debit cards, and name, address, email address and phone numbers for at least 70 million customers. Earlier this week, Neiman Marcus revealed that the breach at its stores extended from July 16, 2013 to Oct. 30, 2013, and may have impacted more than 1.1 million customer cards.

According to Fox, ICR Inc. was brought in by Michaels to handle the retailer’s planned transition to a public company. Last month, the company filed paperwork for a potential public offering of its common stock. According to those filings, Michaels generated revenue of $4.41 billion in 2012. Michaels has said the timing, number of shares to be sold and the price range for the proposed offering have not yet been determined.

May 11

Breach at Michaels Stores Extends Nationwide

Earlier this month, arts & crafts chain Michaels Stores disclosed that crooks had tampered with some point-of-sale devices at store registers in the Chicago area in a scheme to steal credit and debit card numbers and associated PINs. But new information on the investigation shows that many Michaels stores across the country have discovered compromised payment terminals.

Investigators close to the case, but who asked to remain anonymous because they did  not have permission to speak publicly, said that at least 70 compromised POS terminals have been discovered so far in Michaels stores from Washington D.C. to the West Coast.

In an alert (PDF) sent to customers, Irving, Texas based Michaels Stores said it learned of the fraud after being contacted by banking and law enforcement authorities regarding fraudulent debit card transactions traced back to specific stores.  The Beacon-News, a Chicago Sun-Times publication, last week cited local police reports from several victims, describing the typical fraud as multiple unauthorized withdrawals of up to $500 made from ATMs at banks on the West Coast. It remains unclear when affected stores were compromised.

Continue reading →