Michaels Stores, Inc. confirmed Thursday that credit card information obtained by the company in 2013 was compromised by malware.
The company hired two independent security firms to investigate a malware attack discovered in January. Working with law enforcement agencies and banks, it was determined that roughly three million Michaels and Aaron Brothers customers were affected by the breach between May 2013 and January.
According to the release, the malware affected point of sale systems, which contained payment card numbers and expiration dates, but not personal information like names, pins, or addresses.
“Our customers are always our number one priority and we are truly sorry for any inconvenience or concern Michaels may have caused," said Chuck Rubin, Michaels Stores, Inc. CEO, in the release. "Importantly, with this incident now fully contained, we can assure customers this malware no longer presents a threat to shoppers at Michaels or Aaron Brothers.”
The Texas-based company has said it has only received a limited number of reports of fraudulent uses of the cards affected by the attack, but has committed to protecting all affected customers with 12 month credit protection and fraud assistance at no cost to them.
A similar breach occurred at Target stores across the nation between November and December 2013.