Michaels, North America’s largest specialty arts & crafts store, has confirmed that a security breach exposed data from millions of transactions from May 8th, 2013, to January 27th, 2014.

“Our customers are always our number one priority and we are truly sorry for any inconvenience or concern Michaels may have caused. We are committed to assisting affected customers by providing fraud assistance, identity protection and credit monitoring services. Importantly, with this incident now fully contained, we can assure customers this malware no longer presents a threat to shoppers at Michaels or Aaron Brothers,” said Chuck Rubin, CEO.

We’d known about a possible breach at Michaels (and their subsidiary Aaron Brothers) since January, when the company notified customers that they were investigating the possibility. In January, the Krebs on Security blog confirmed that the company and the U.S. Secret Service were launching an investigation into a data breach.

Today, Michaels has confirmed everything, stating that approximately 2.6 million cards could have been impacted (via Michaels transactions) and an additional 400,000 cards affected through Aaron Brothers transactions.

This comes to about 7% of all the cards used at Michaels stores during the breach period.

The company blames “highly sophisticated malware that had not been encountered previously by either of the security firms,” as the root of the issue.

“In an era where very sophisticated and determined criminals have proven capable of successfully attacking a wide range of computer networks, we must all increase our level of vigilance. Michaels is committed to working with all appropriate parties to improve the security of payment card transactions for all consumers,” said Rubin.

Right now, Michaels admits to a “limited number” of reports from cardholders and banks that their cards were used fraudulently as a result of the data breach.

This news comes on the heels of several other high-profile data breaches of major retailers, including Target and Neiman Marcus. As a way to assuage consumer anxiousness, Target offered all customers a year of free credit monitoring. Michaels is doing the same.

Image via Wikimedia Commons