Credential theft
Michaels Stores POS Malware Breach: 2.6 Million Payment Cards
Incident Details
Michaels Stores, the large arts and crafts retail chain, disclosed in January 2014 that it was investigating a potential data security breach involving payment cards used at its stores. The investigation ultimately revealed that between May 8, 2013 and January 27, 2014, POS malware was active on checkout systems at approximately 877 Michaels store locations across the United States, the vast majority of its store base. Additionally, 54 Aaron Brothers stores (a Michaels subsidiary) were affected between June 26 and September 27, 2013. Approximately 2.6 million payment cards were exposed at Michaels stores, and approximately 400,000 at Aaron Brothers.

The malware was specifically designed to scrape payment card track data from RAM during the transaction authorization process, capturing the full magnetic stripe data needed to produce counterfeit cards. Michaels hired security firm Kroll to conduct a forensic investigation.

The breach occurred contemporaneously with the Target breach (disclosed December 2013) and the Neiman Marcus breach, forming a cluster of major POS malware incidents that drew congressional attention and accelerated industry migration to EMV chip card technology in the US. Michaels ultimately paid $125,000 to settle an investigation by the Connecticut Attorney General and contributed to multi-state settlements. The breach is associated with the broader wave of POS malware activity attributed to Eastern European cybercrime groups during 2013-2014.
Technical Details
- Initial Attack Vector: POS malware. Attackers installed RAM-scraping malware on point-of-sale terminals at Michaels Stores and Aaron Brothers (subsidiary) retail locations, capturing full payment card track data as cards were swiped at checkout.
- Malware Family: POS RAM-scraping malware
Timeline
- 2013-05-08 Breach occurred
- 2014-01-25 Publicly disclosed
- 2014-04-17 Customers notified