WASHINGTON (4/21/14)--A data breach at Michaels Stores and associated business Aaron Brothers may have impacted 2.6 million cardholders, the arts and crafts retailer confirmed late last week.
The security breach was created by "criminals using highly sophisticated malware that had not been encountered previously by either of the security firms," Michaels said in a statement. The retailer said the incident has been contained. This is the second such incident that has occurred at Michaels since 2011.
The Credit Union National Association is pressing federal lawmakers to address data security relative to merchants, who are not held to the same standards of security as credit union and other financial institutions.
In particular, CUNA maintains that all payments system participants must be held to comparable levels of federal data security requirements; those responsible for the data breach should be responsible for the costs of helping consumers; and those responsible should ensure consumers know where their information was breached.
The newest Michael's breach took place between May 8, 2013, and Jan. 27, 2014, according to reports. The 2.6 million cards that were potentially impacted represent 7% of cards that were used at Michaels stores during that time period. Another 400,000 cards may have been impacted at Aaron Brothers stores between June 26, 2013, and Feb. 27, 2014.
"There was no evidence that data such as customers' name or personal identification number were at risk," Michaels Stores said in their release.
In March, the National Credit Union Administration launched a new resource for credit unions--a webpage that provides links to cybersecurity and data security resources. Use the resource link.