Michaels breachMichaels, one of the biggest arts and crafts retail chains, has confirmed the breach of 2.6 million of its customers’ debit and credit card information, or 7 percent of payment cards used at Michaels stores in the U.S. during the relevant time period, according to the company’s press release. Michaels also confirmed that its subsidiary Aaron Brothers was also affected by a breach that exposed more than 400,000 payment cards.

When did the Aaron Brothers and Michaels breaches occur?

The Michaels breach occurred between May 8, 2013 and January 27, 2014 in thousands of stores located in 48 states across the country. You can see a complete list of all the stores affected as well as the specific dates of the breach for that store here.

On the other hand, 54 Aaron Brothers stores in seven states were affected by the  breach, which occurred between June 26, 2013 and February 27, 2014. Find a complete list of all of the AAron Brothers stores affected with specific dates of the breach here.

Both Michaels and Aaron Brothers were targeted by criminals using highly sophisticated malware designed to steal payment information.

What information was exposed in the breaches?

Only payment card information, including card numbers and expiration dates, were exposed in both the Aaron Brothers and Michaels Breach, according to the company’s press release. It said there’s no evidence that any personal information — such as name, address or PINs — were exposed in the breaches.

How can I protect myself?

Since only payment information was exposed in the breaches, there are not too many steps that you’ll need to take in order to protect yourself.

1. Monitor your bank statements: Once you’ve confirmed that you’ve shopped at one of the locations listed in the links above, you’ll want to make sure that you look through all of your previous and current bank statements to verify that you were the one who completed all of the transactions. If you notice any unfamiliar transactions, you should call your bank to inquire as well as report the transactions as potential fraud. A representative will be able to walk you through the bank’s fraud-reporting process.

2. Request a new debit card: Usually banks will only issue you a new debit or credit card if there is confirmed fraudulent activity on the account, however there are certain circumstances, such as a data breaches, that a bank will allow you to get a new card even if your account has no confirmed fraud. Call your bank to see what its policy is on reissuing debit or credit cards.

3. Consider signing up for identity theft protection: Even though no personal information was revealed in either the Aaron Brothers or Michaels breach, this still is an essential step for anyone affected by the breaches because they are more vulnerable to falling victim to identity theft since their information has already been breached. Identity theft protection services make sure your personal information remains safe through two main features: identity scanning and credit report monitoring.

Identity scanning monitors your personal information — such as your social security number, date of birth, mailing address and other information — on public records and the Internet black market to make sure it isn’t being sold, traded or used by identity thieves. In the event that the service detects any of your information, it will alert you immediately and provide you with tips on what you should do to protect yourself.

Most identity theft protection services offer credit report monitoring that scans your credit reports for all three bureaus — Experian, TransUnion and Equifax — to verify that nothing is added or changed. In the event that there is an addition or change to any of the three, you will be alerted and provided tips with how to protect yourself.

Visit our identity theft protection reviews to learn more about these services and find the best service for your needs.