Michaels, the country's largest arts and crafts chain, has discovered a data security breach that may have compromised as many as 3 million customers' credit card information.
Two security firms found thieves hacked the company's system using "highly sophisticated malware that had not been encountered previously by either of the security firms," Michaels said in a statement Thursday night.
Urgent: Do You Approve Or Disapprove of President Obama's Job Performance? Vote Now in Urgent Poll
The company said the breach affected about 2.6 million debit and credit cards at its Michaels locations, and another 400,000 at its subsidiary, Aaron Brothers.
The malware has been removed, the Irving, Texas-based company said.
The affected data includes customer information such as card numbers and expiration dates, though Michaels said there was no evidence that personal info such as names, addresses, or PIN numbers were stolen.
The company is offering free identity protection, credit monitoring, and fraud assistance services to all affected U.S. customer for 12 months.
The infraction occurred at Michaels stores between May 8, 2013, and Jan. 27, 2014, and between June 26, 2013, and Feb. 27, 2014, at 54 Aaron Brothers locations. Michaels posted a list of the affected stores on its website.
Michaels first confirmed the violation in late January.
Urgent: Assess Your Heart Attack Risk in Minutes. Click Here.
Consumers are already wary about the safety of their personal data after a pre-Christmas breach at Target, which affected 40 million people
"Our customers are always our number one priority and we are truly sorry for any inconvenience or concern Michaels may have caused," Michaels CEO Chuck Rubin said in a statement.
© 2014 Newsmax. All rights reserved.