Michaels Stores Inc. said Thursday that 3 million credit and debit cards may have been exposed in a pair of security breaches.
The breach involving Michaels and its Aaron Brothers stores were previously reported in January by the blog Krebs on Security. However, in a press release Thursday, the company said in the wake of the disclosure that it had “retained two independent, expert security firms to conduct an extensive investigation."
That investigation of its payment systems revealed that systems that were breached contained "certain payment card information, such as payment card number and expiration date, about both Michaels and Aaron Brothers customers.”
The company said no other personal information was taken during the attacks, which apparently went undetected for almost eight months last year.
The company said 2.4 million payments cards used at Michaels were potentially exposed. An additional 400,000 cards used at Aaron’s were affected, the company said.
“Our customers are always our number one priority and we are truly sorry for any inconvenience or concern Michaels may have caused,” Chief Executive Chuck Rubin said in a statement. “We are committed to assisting affected customers by providing fraud assistance, identity protection and credit monitoring services.”
The revelation about Michaels came shortly after Target revealed that its systems had been breached and that 40 million payment cards had been affected.