Michaels Stores said Thursday that about 3 million customer credit and debit cards may have been exposed to hackers due to malware found on its Michaels and Aaron Brothers systems.
The malware has since been removed and attacked a limited number of checkouts at some stores between May 8, 2013, and Jan. 27.
Michaels first said in late January that it may have been hacked, but didn’t give any details at the time. It’s been working with federal law enforcement since then and hired data security experts.
Target Corp. and Dallas-based Neiman Marcus were among the first to acknowledge that customer credit card data had been scraped from their systems.
Michaels Stores has filed paperwork with its intentions to issue public stock. But dates for other specifics of an IPO haven’t been disclosed yet.
Michaels is the largest arts and crafts chain with 1,137 Michaels stores in the U.S. and Canada and 122 Aaron Brothers framing shops.
Michaels replaced store PIN pads in 2011 after its debit card terminals were compromised in 20 states.