Michaels may have been the victim of an attack on its data, but it wasn’t going to wait to find out the way Target and Neiman Marcus did before warning customers.
In a statement laced with the word, “may,” Michaels said it recently learned of possible fraudulent activity on some U.S. payment cards that had been used at its stores, which it said suggested the company may have experienced a data security attack.
However, unlike Target and Neiman Marcus, who have been criticized for not being aware their systems were compromised and being slow to alert customers, Michaels erred on the side of caution.
“We are concerned there may have been a data security attack on Michaels that may have affected our customers’ payment card information and we are taking aggressive action to determine the nature and scope of the issue,” said Chuck Rubin, CEO. “While we have not confirmed a compromise to our systems, we believe it is in the best interest of our customers to alert them to this potential issue so they can take steps to protect themselves, for example, by reviewing their payment card account statements for unauthorized charges.”
The company said it is working closely with federal law enforcement and is conducting an investigation with the help of third-party data security experts to establish the facts. Although the investigation is ongoing, based on the information the company has received and in light of the widely reported criminal efforts to penetrate the data systems of U.S. retailers, Michaels said it was appropriate to let customers know that a potential issue may have occurred.
“Throughout our 40-year history, our customers have always been our number one priority and we deeply regret any inconvenience this may cause,” Rubin said. “The privacy and security of our customers’ information is of critical importance to us and we are focused on addressing this issue.”