Several Michaels stores in Pennsylvania have been the target of a criminals “using highly sophisticated malware” to steal credit card information, the company has announced.
After analyzing the data breach, first discovered in January, Michaels has confirmed that customers of dozens of stores in the Philadelphia and Pittsburgh metro areas may have had their credit card information stolen as part of this breach. Nationwide, about 2.6 million customers may have been impacted by the data breach.
In a letter posted to the company’s website, CEO Chuck Rubin said the attack targeted a limited portion of the point-of-sale systems at stores between May 8, 2013 and January 27, 2014. Customers who used a credit card at the store during that timeframe should monitor account activity and contact their card issuer immediately if they notice suspicious activity.
Not every card used in the affected stores during the times of exposure were impacted by the malware, Rubin said. There is no evidence that other customer personal information, such as name, address or card PIN numbers, was accessed, he noted.
Rubin said Michaels has “fully contained the incident” and assures customers the malware is no longer a threat when shopping at Michaels.
“We are truly sorry and deeply regret any inconvenience this may cause. Our customers are always our number one priority and we are committed to retaining your trust and loyalty,” the CEO said.
Michael’s stores in the following Pennsylvania towns have been impacted:
- Bala Cynwyd
- Bethel Park
- Cranberry Township
- Dickson City
- King of Prussia
- North Wales
- State College
- West Hazleton
- Wilkes Barre
- Willow Grove