IRVING, Texas - Officials with Michaels Stores Inc. are investigating a possible company data security breach that may have affected its customers' payment card information.
The Irving, Texas, company said Saturday that it launched the probe after learning of possible fraudulent activity on some U.S. payment cards used at the home decor and crafts retailer.
Michaels is working with federal law enforcement and data security experts, but has yet to confirm that its systems were compromised.
Purdue University professor Samuel Liles, a national cyber forensics expert, said there could have been another dozen or so stores compromised in the latest attack. He said he doesn’t expect the security breaches to stop any time soon.
Liles said even though companies are getting better at protecting customer information, each innovation in security brings an innovation in hacking.
"This idea of point-of-sale malware has existed since March. So as that morphs and their technique improves, I think we'll see more breaches, that they'll get more stuff," Liles said. "That's a concern for anybody dealing with any place on the Internet. This is not just Target, it's not just Michaels, it's any company you deal with. Because we've automated all these technologies, there is inherently risk involved in all of the convenience that we have."
Michaels CEO Chuck Rubin suggests Michaels customers take steps to protect themselves, such as reviewing their account statements for unauthorized charges.
Neiman Marcus Group Ltd., recently said a security breach last year may have affected about 1.1 million cards.
Target Corp. has said hackers stole about 40 million debit and credit card numbers during the holiday season.
Liles recommended to always use a credit card instead of a debit card because the fraud protection is much higher.
Remember there is some amount of risk involved in almost everything, Liles warned. He said letting a server walk away with a credit card is much riskier than swiping a card at any retailer.
It is also important to be aware of phishing emails in the in the wake of the breaches. Companies will never email or call consumers asking for a social security number.