CONSUMER WATCH: Nearly 3 million credit cards impacted by Michaels breach

By Millaine Wells, Local 5 News

Published 04/18 2014 10:35AM

Updated 04/18 2014 10:39AM

(WFRV) -  Michaels, a nationwide craft store, says that approximately 2.6 million cards may have been impacted in a data security incident.

According to a list on the Michaels website 17 stores in Wisconsin were exposed to the security breach.

The Michaels store in Grand Chute was exposed at four different times:

May 8, 2013 - August 10, 2013

August 13, 2013 - October 6, 2013

October 16, 2013 - November 23, 2013

December 11, 2013 - January 18, 2014

The Michaels store in Green Bay was exposed once:

May 8, 2013 - July 29, 2013

Michaels reached out to customers today, so people could take steps to monitor activity and  payment on their card accounts.

The company uncovered evidence confirming that systems of Michaels stores in the United States and a subsidiary, Aaron Brothers, were attacked by criminals using highly sophisticated malware that had not been encountered previously by either of the security firms.

The affected systems contained certain payment card information, such as payment card number and expiration date, about both Michaels and Aaron Brothers customers. There is no evidence that other customer personal information, such as name, address or PIN, was at risk in connection with this issue.

The Breach happened between May 8, 2013 and January 27, 2014.

The company is offering identity protection and credit monitoring services to affected Michaels and Aaron Brothers customers in the U.S. for 12 months at no cost to them.

We also are offering these customers a fraud assistance service for 12 months at no cost to them.

Information on the services can be found at,default,pg.html#a01

The company says people should monitor all of your payment card account activity and immediately contact your bank or card issuer if you notice any suspicious activity.

Copyright Copyright 2014 Nexstar Broadcasting, Inc. All rights reserved. This material may not be published, broadcast, rewritten, or redistributed.